The GREAT 'Risk' Reset

On November 16, 2022, the annual ISACA Risk Event was held at Spant! Congrescentrum in Bussum, the Netherlands.

We proudly thank our sponsors for making Risk Event 2022 possible.

Risk Event 2022

The past 2-3 years have been marked by many impactful events or themes that will continue to receive more attention in the coming period, such as corona, further digitalization and climate change. In addition, there are also various themes that are expected to come to the fore in the coming years and will have more impact on our work and our lives, such as the increasingly widespread availability of attack techniques, robotization and deepfakes.

These events and themes also have a (strong) link with information security and thus with the importance of mitigating the risks that come with it and arise from it as much as possible. Think of risks regarding remote working, more complex ransomware attacks, increased dependence on cloud services and more shortages of cybersecurity specialists or resources due to raw material shortages. At the same time, we see that governments and supervisors are further tightening the laws and regulations (including NIS2) to protect society against these risks. All in all, the time is ripe for the third IT Risk Event!

This congress focuses on the contemporary risks that organizations are confronted with.

The program starts with a number of keynotes, and is then divided into the following four main streams:

  • IT Risk
  • Supplier Risk
  • Corporate Risk
  • Emerging Risk

Each of the main streams contains various seminars by top speakers and you decide which one you attend! You can find all the names of speakers on the program page.

During the day there is sufficient time to speak to speakers and other participants during the breaks, lunch, drinks and dinner.

The ISACA Risk Event is aimed at (IT) Risk Managers and Risk Consultants, Security/Privacy and Cyber specialists, IT Auditors, CIOs, (Senior) Management, Thought leaders in organizations, Business information managers, Application managers, Project and service managers and Consultants in the IT sector.

Aftermovie

Experience the atmosphere and insights of Risk Event 2022. Curious what’s next? Join us this year and connect with the leaders in IT risk and security.

Programme Risk Event 2022

Explore four parallel tracks, each with its own focus on today's most pressing risks.

  • The GREAT IT Risk: Podium I
  • The GREAT Emerging Risk: Podium II
  • The GREAT Corporate Risk: Podium III
  • The GREAT Supplier Risk: Podium IV

08.30 - 09.30
Arrival, registration, coffee
09.30 - 09.45
Podium I
Opening
Event opening Speech
Firas Abali
Board Member ISACA NL Chapter
09.45 - 10.15
Podium I
ASML Security Circles of Trust – ASML's strategy to extend their security strategy beyond the corporate boundary. Why, How, What
At ASML, we jointly develop our technology with partners inside and outside our company, in an innovative and connected ecosystem based on trust. Nowadays, innovating and collaborating in a connected ecosystem requires protection of information beyond our corporate boundary, as the attack surface is extended to the perimeter of the total ecosystem. In our Risk Universe, we have identified the risk of leakage of information under custody of a partner, and/or substantial business disruption of ASML or its partners, caused by security incidents in our value chain. To further reinforce our ecosystem ASML has continued to work on establishing Security Circles of Trust. These are the next step to help develop security maturity with our partners and together mitigate risks, to increase cyber resilience in the value chain, to increase protection of IP in the value chain and to stand strong together. Throughout this presentation, we will give practical tips and share best practices and lessons learnt that ISF members can use to improve the cyber resilience of their ecosystem.
Piet Bel
ASML

Piet is Senior External Relations Manager in the Security Office and is building and managing the relationships with external stakeholders in Government, Law Enforcement, Peers and the Semiconductor Ecosystem. He is the founder of the Security Circles of Trust initiative and can draw upon 35+ years of experience in the ICT/Cyber Industry and as Rapporteur for the European Commission Horizon 2020/EU program.

He will explain the Business & ESG rationale behind the strategy, why ASML is implementing this strategy and elaborate upon what other organizations can do to follow ASML's lead and work together with external stakeholders to raise the security of the entire ecosystem.

10.15 - 10.45
Podium I
Busting cyber security myths
You hear these myths at security conferences, in the news, and from every point solution security vendor. “The attacker needs to be right just once”, “more security products means better security”, “threat actors are using more sophisticated tools” – but when examining today's cyber-attacks and defenses, are these true? In this session we are going to bust cybersecurity myths using examples from recent attacks and incidents, understand why these myths got popular, and suggest ways to counter the actual threats that are out there. In addition, we will review a RaaS (Ransomware as a Service) attack and see a demo of how attackers utilize cloud adoption to their advantage.
Etay Maor
Chief Security Strategist

Etay Maor is the Sr. Director Security Strategy at Cato Networks and an industry-recognized cyber security researcher and keynote speaker.
Previously, Etay was the Chief Security Officer for IntSights. Before that, Etay held numerous leadership and research positions as an Executive Security Advisor at IBM and as Head of RSA Security’s Cyber Threats Research Labs.
Etay is an adjunct professor at Boston College and holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism. Etay is a frequent featured speaker at major industry conferences.

10.45 - 11.15
Coffee Break
11.15 - 11.45
Podium I
A marriage between DevOps and Security: Here are the vows!
You are now witnessing an unprecedented level of IT adoption in everything we do! And I can tell that we are at the beginning of a new revolution considering the impact of technological developments such as Artificial Intelligence (AI), Internet Of Things (IoT), Quantum Computing, etc. To sustain these technological developments, it is extremely important to secure the foundation of this growth. I see modern Software Development methodologies & technologies such as DevOps, Agile, Microservices and Public Cloud as the foundation of this growth. During the session we will talk about various root causes why we are currently failing to secure DevOps and Cloud and the solution to get back in control.
Irfaan Santoe
CEO

Irfaan is a Thought Leader on secure DevOps. It is his mission to close the gap between the world of Application Development, IT Operations and Security. He fulfilled several information security leadership roles for listed & global enterprises like Wolters Kluwer and ABN AMRO bank, and helped numerous multinationals in solving complex information security challenges at Deloitte. At ABN AMRO Irfaan led the security implementation for DevOps, as part of a transformation program to uplift 500+ Dev-teams to become DevOps. Irfaan is also writing a book on how to scale security in DevOps which will be released in Q1 2023. He is a Master in Computer Science (a programmer by heart) and is fascinated by the Inner Science of Yoga & Meditation.

11.15 - 11.45
Podium II
How deepfakes might hurt your business? Deepfakes as a corporate risk
Ellen Mok
Technology policy and digital public affairs

Having a background in Technology, Policy and Management, Ellen has always been focused on the impact that technology can make. While technology is a great enabler for organizations, there are many risks involved as well. Ellen always seeks to find simple and actionable solutions to tackle (emerging) complex problems.

11.15 - 11.45
Podium III
Algorithms: a threat or an opportunity?
The EU has a programme for the deployment of artificial intelligence (AI) that is aimed at excellence and trust while ensuring safety and fundamental rights. In the northern Netherlands, the AI hub NNL is active with a programme aimed at SMEs. In various sectors, companies are working out what the greatest opportunities and threats are when it comes to AI. Dina Boonstra shares examples from practice and links them to the principles of European policy.
Dina Boonstra
NV NOM

Dina Boonstra has worked on major societal transitions: the digitalization of large administrative processes at AEGON (soon ASR), the liberalization of the energy market at NUON (now Vattenfall) and the shift from print media to a multimedia company at, among others, NDC Mediagroep (now Mediahuis Noord). Since 2019 she has had final responsibility for NV NOM, the development and investment company for the three northern provinces.

NOM focuses on innovative SMEs that want to contribute to circular and sustainable processes, a healthier society and the digitalization of SMEs.

11.15 - 11.45
Podium IV
Supplier Risk Management at the Ministry of Defence
A look behind the scenes at how the Ministry of Defence deals with supplier risk management. There is always room for improvement, and we need you for that too.
Jan Marko Silvius
Ministerie van Defensie

The Ministry of Defence is a great organization to work for. Jan Marko Silvius does so in a wonderful team of go-getters and characters. As head of the IT Procurement department he works closely with the Defence IT organization (JIVC).

11.45 - 11.55
Hall Change
11.55 - 12.25
Podium I
Software development and risk management in the fight against COVID-19
Attend this presentation if you want to know more about the development of software at the Ministry of Health, Welfare and Sport (VWS) during the COVID pandemic, the risk analyses that underpinned it and how these were handled. How was it possible to start the vaccination campaign earlier than planned? The ‘Realisatie Digitale Ondersteuning’ programme at the Information Policy Directorate of the Ministry of VWS built a great deal of software for the vaccination campaign in order to respond to the dynamics of the campaign. Speaker Niels Hatzmann was one of the project leaders involved in building this software and had a facilitating role in a team of internationally known experts and programmers, in which security, privacy and the interests of citizens were central.
Niels Hatzmann
VM25

Niels Hatzmann works as an independent project leader and documentation specialist in the non-profit sector. The Ministry of VWS hired him to help build the systems needed to fight the pandemic.

11.55 - 12.25
Podium II
Blockchain and the Metaverse: Emerging Risks in Web 3.0
The purpose of the presentation is to showcase business opportunities that stem from blockchain and the emerging risks within web 3.0 and metaverse. Undoubtedly, the new digital ecosystem of transactions based on smart contracts, cryptocurrencies, and NFTs presents a multitude of scenarios. How can we successfully select and identify emerging risks for each strategic solution?
Josina Rodrigues
INATBA

Josina is an advisor & consultant and the first holder of a blockchain Ph.D. in Portugal. Before starting as a technology-based investigator, she worked for 20+ years as a Marketing & Finance Director. She is currently a consultant at various companies and start-ups, a blockchain trainer, as well as a lecturer.

11.55 - 12.25
Podium III
Encryption as a solution for international transfer risks under the GDPR?
The use of American cloud services under the GDPR raises many concerns and discussions. Supervisory authorities take a fairly strict line and leave little room except where encryption is used. But what options are there for using encryption in cloud services, and under what circumstances can you make use of them?
Floor Terra
Privacy Company

Floor Terra is Senior Adviser at Privacy Company, where he investigates the risks of using products and services from large tech companies, as in the publicly available DPIAs on Microsoft, Google and Zoom products.

11.55 - 12.25
Podium IV
Cybersecurity and threats from state actors: what companies need to know when it comes to China.
China's cyber capabilities are growing rapidly. Several Western security organizations see this development as a threat. The British and American security services, among others, have openly stated that China “has considerable offensive cyber capabilities and must be regarded as the greatest economic threat in the long term.”[1] They are seriously concerned about the “asymmetric” playing field that China has developed over the years. But what does this threat entail, and what is actually meant by this asymmetric playing field? What does China want to achieve, and where might the risks for your organization lie?

[1] Corera, B. G. (2022, July 7). China: MI5 and FBI heads warn of ‘immense’ threat. BBC News. https://www.bbc.com/news/world-asia-china-62064506
Marcel van Kaam
KPMG

Marcel works as a Senior Manager at KPMG Advisory Nederland. Marcel has helped government and private organizations protect their sensitive information, assets and work processes, as well as key individuals within an organization, against persistent actors with an offensive cyber programme.

12.25 - 12.35
Hall Change
12.35 - 13.05
Podium I
Cybersecurity – What do we consider secure enough in 2022?
What do we see today as the ‘normal’ for cybersecurity, and how is this ‘normal’ developing? And what influences our perception of the ‘normal’ of cybersecurity? Based on EY’s experience at many organizations, the session makes concrete what the ‘normal’ is, that is, the state of cybersecurity in Dutch organizations. It explicitly presents the cyber challenges organizations face today. It also makes explicit which factors influence the speed at which organizations improve, and what cyber looks like in the better organization.
Peter Kornelisse
EY

Peter has been a partner at EY since 2018, working on Cyber assurance. Before that, Peter worked for 24 years at KPMG (Security & Technology) and 4 years at Booking.com (Risk & Compliance). Peter has also been involved for more than 20 years in the IT auditing programme at TIAS, including as lead lecturer for the Auditing Cybersecurity specialization.

12.35 - 13.05
Podium II
The Unexpected Consequences of Digital Currency
We often expect a lot from new technologies like digital currencies, but these developments can also have unexpected and undesirable consequences. Digital currencies are supposed to make financial intermediaries obsolete, but many governments are now struggling to address various challenges that digital currencies pose, such as investor protection, preventing money laundering and terrorist financing, and the impact the underlying technology has on our energy consumption and the environment. This session therefore focuses primarily on raising awareness of the negative externalities associated with digital currencies.
Alex de Vries
Digiconomist

Alex de Vries is the founder of Digiconomist, which is best known for providing information on the sustainability of Bitcoin and other digital currencies through, among other things, the Bitcoin Energy Consumption Index. Alex is also pursuing a PhD on this subject at VU Amsterdam.

12.35 - 13.05
Podium III
Data Ethics by design
In this session Karen and Eline give an insight into how Royal Schiphol Group wants to manage the risks around the use of data. The framework, developed in collaboration with Accenture, combines activities arising from (future) compliance requirements, social responsibility and risk management. With it, data products (AI and BI) will be developed responsibly by and for Schiphol, in a way that fits the development process.
Karen Blanksma
Royal Schiphol Group

Karen and Eline both work in the Data Governance team of the Data, AI & Analytics department of Royal Schiphol Group. As Data Consultants they are involved in, among other things, managing data (products), drawing up guidelines and working on data quality issues.

Karen, trained as an architect, previously developed knowledge at KPN of process design, L6S projects and BIM modelling, in which data already plays a large role. She joined Royal Schiphol Group because of her radio engineering knowledge, but with her internal move to the Data Governance team she has made the definitive step into the data field.

Eline Bijnens
Royal Schiphol Group

Eline and Karen work in the Data Governance team of the Data, AI & Analytics department of Royal Schiphol Group. As Data Consultants they are involved in, among other things, managing data (products), drawing up guidelines and working on data quality issues.

Eline, a consultant at CRANIUM NV, gained experience as a privacy consultant at various Belgian organizations before moving to the broader data field.

12.35 - 13.05
Podium IV
Third Parties are scary!
The presentation gives insight into the different supply chain attacks, the latest trends in these kinds of attacks and the most crucial controls to implement against them.
Vincent Thiele
Darktrace and CSIRT.Global (DiVD)

Vincent Thiele is the Deputy Chief Information Security Officer (CISO) at Darktrace and former CISO of Cybersprint. He is responsible for Darktrace’s security strategy, external cooperation and information sharing. Next to his day job he is active as a volunteer at CSIRT.Global, helping make the internet safer.

In his former roles, Vincent was head of the Cyber Crime Expertise and Response Team (CCERT) at ING bank, Architect at DoD and incident responder at GOVCERT.NL.

13.05 - 14.15
Lunch Break
14.15 - 14.45
Podium I
The ABN AMRO Road to Microsoft Azure public cloud
Stefan Simenon will elaborate on the Microsoft Azure implementation within ABN AMRO Bank. He will talk about the start-up and scaling out of public cloud, the dos and don'ts and the benefits. The learnings and pitfalls encountered will also be discussed.
Stefan Simenon
ABN AMRO

Stefan Simenon is an IT professional passionate about topics such as Continuous Integration, Continuous Delivery, Software Quality, Tooling, DevSecOps, Cloud Native, Security and Public Cloud technology and the management of the cultural, organizational, team and technological changes associated with these approaches.
When working in complex multi-stakeholder environments, I use my social and communication skills combined with in-depth IT knowledge and a sense of humor, to manage and overcome challenges.
I like to share and have shared this passion by speaking at several seminars and conferences.

14.15 - 14.45
Podium II
Great risks of Ransomware: How do the cybercriminals operate?
Ransomware has become a major theme in the cyber world in recent years. Computers are encrypted, sensitive data is stolen and backups are destroyed. On average a company is down for 23 days after a ransomware attack, which also means loss of income. And not to forget, passports, addresses and telephone numbers of customers and employees are exposed. What are the most common entry points for these criminals? How do I, as a company, make sure I am prepared for their attack? And even more importantly, what do I need to get back to work as quickly as possible after the attack?
Erwin Maas
Northwave

Erwin Maas works as manager CERT at Northwave. In his role as manager he ensures that the incident response teams can be deployed for cyber attacks in the BeNeLux, DACH and the Nordics. In addition, Erwin is crisis manager during major cyber attacks. As crisis manager he structures the crisis for the management and/or board of directors of affected companies. Before joining Northwave, Erwin sailed aboard submarines for the Royal Netherlands Navy for more than 20 years and went on several deployments.

14.15 - 14.45
Podium III
Risk in Focus 2023 – Hot topics for Risk Management and Internal Audit
Large-scale, complex risks are putting organizations under unprecedented pressure. While companies had hoped that 2022 would see a gradual return to normality as the pandemic receded, the conflict in Ukraine has turned that assumption on its head. Since February 2022 prices have risen explosively and inflation has increased. The world seems to be heading for a recession, high consumer debt, historically high interest rates and food shortages, with the further political unrest that those trends can bring. The results of the Risk in Focus 2023 survey are summarized in the five ‘hot topics’. Every year the European institutes of Internal Auditors work together to identify the most important risks for the coming calendar year. The report examines the ‘hot topics’ for audit planning for the coming year.
Sam Huibers
IIA

Sam Huibers has been manager of Professional Practices at IIA Nederland since 1 July 2022. Before this he worked in various audit management roles at, among others, Upfield and Heineken. He started his career at DSM.

14.15 - 14.45
Podium IV
Security Circles of Trust
Supplier Security, also referred to as Supply Chain Security, is an important topic in an interconnected world. In this presentation I will explain the eco-system approach that ASML uses to improve supplier security. The model behind this is based on the principle that the strong help the weak. Sharing of security best practices and practical information can help suppliers with their roadmap and focus. I will also explain more about the CYRA model that can be used as a roadmap to improve security. Customers can use CYRA to make clear what they expect from their supplier. One of the principles behind the CYRA model is create once, use many.
Robbert Kramer
ASML

Robbert Kramer studied business information technology and started working for EY as an IT Auditor. He performed IT audits and was also involved in Legal Hack activities. After EY he started working for Van Lanschot in ‘s-Hertogenbosch, where he joined the Internal Audit department and afterwards moved to Security Management. In 2016 Robbert became Security Risk Manager for ASML, performing Supplier Security. The main pillars for supplier security are protecting ASML Information and Cyber Security.

Robbert Kramer is also a lecturer at TIAS for the IT audit program. As senior lecturer he is responsible for the module that deals with Trust and Control of technologies.

14.45 - 14.55
Hall Change
14.55 - 15.25
Podium I
Purple team War Stories
IT Risk Auditing and Purple Teaming serve the same goal: improving resilience. But where auditing works top-down, we work bottom-up. What do we see in our daily practice, even when “all the boxes for the audit have been ticked”? And how does that carry through in an organization? I will take you through the pleasant and less pleasant aspects of my side of the cyber-resilience coin. But I will tell you this much already: we still have a long way to go.
Pepijn Vissers
Chapter8

Pepijn has more than twenty years of cybersecurity experience at leading Dutch private and public organizations. He started in 2000 as a forensic investigator, ethical hacker and lecturer, moved to the central government in 2008 to make the Netherlands more digitally resilient, and in 2015 to one of the security services, until he started his own business in 2020.

14.55 - 15.25
Podium II
Recognizing risks in a networked world: A story about cacti, cookies and Jackass
Everyone knows what risk means, but what stands out in practice is that even with a shared definition of risk, a shared understanding of risk does not automatically arise. This presentation shows that two simple additions to a well-known risk formula help to recognize those differences in understanding. It also makes clear where those differences come from. This is particularly important for organizations that face increasingly complex supply networks and the risks that come with them, but also for one's own organization when it comes to better understanding of and communication about risks.
André Smulders
TNO

Ir. Andre (A.C.M.) Smulders CISSP has worked for more than 20 years in the field of information security, cybersecurity and risk management. He is the co-author of the book “Foundations of Information Security – based on the ISO27001 and 27002” and the TNO publication “Networked Risk Management”. He is also one of the Digital Ambassadors in his neighbourhood in The Hague.

14.55 - 15.25
Podium III
Managing behavioural risk: the key to sustainable organizational change
Financial institutions have increasingly acknowledged that behaviour can be a root cause of problems affecting performance and integrity. In fact, people can make a cumbersome process work, but at the same time, it is people that can pose a risk – even in a solid process. This type of risk is referred to as “behavioural risk.” How exactly do behavioural patterns lead to risks for the organisation? And how can we identify and change impeding behavioural patterns? Questions like these will be addressed in this presentation where Céline Christensen explains how her team manages behavioural risk at ING.
Céline Christensen
ING

Céline Christensen joined ING in 2020 as Lead Behavioural Risk Management. Prior to ING she worked for the Dutch Authority for the Financial Markets (AFM) as the Head of the Culture & Behaviour supervision team. Céline studied Economics and Change Management at the VU in Amsterdam.

14.55 - 15.25
Podium IV
National level supply chain risk management – the Israel case
Israel identified the challenges of securing its cyberspace and specifically supply chain to critical infrastructure and essentials, and the INCD in my tenure built strategy and implemented it using tools like Rescana to mitigate it, focusing on the Israeli version of Active Cyber Defense – 24/7 scanning for open vulnerabilities and other risk management practices (presented).
Yigal Unna
Rescana - sponsored by Cert2Connect

Former Director General of the Israel National Cyber Directorate, Israel's leading national cyber security agency, for 4 years until 2022. Overall 33 years in national security data warfare and cyber duties in Israel. Today a private cyber businessman and advisor to Rescana.

15.25 - 15.35
Hall Change
15.35 - 16.05
Podium I
Insider Threat: Human Risk In The Digital Age
Insider threat is rapidly becoming the new buzzword in the security world. In the era of remote work and technological tools for every problem, how do we manage a much more human risk? In this session, Sunette Runhaar will explore what drives individuals to become insider threats and the different risks posed by malicious and unintentional insider threats. We’ll discuss how organizations can spot and build resilience against insider threats, balancing trust, control, and technology in their approach.
Sunette Runhaar
UBER

Sunette Runhaar is the Insider Threat Awareness Lead at Uber, helping to build the company’s first dedicated Insider Threat program. She has over eight years’ experience in risk consulting, investigations, and information security.
Before joining Uber, Sunette built and managed the InfoSec Education and Awareness Program at Tesla. She also spent four years working at a UK-headquartered risk consultancy, advising clients on anything from reputational risk, to pirates, and chemical warfare.
Sunette holds an MSc in Biochemistry from the University of Stellenbosch.

15.35 - 16.05
Podium II
Managing models & their risks – introduction to model risk management framework
The expanding scope of models and their increasing use have amplified the strategic importance of model risk management in organizations. Digital ambition, data-driven decision-making and efficiency maximization lead businesses around the globe to build strategies based on advanced analytics solutions. Most companies largely benefit from it, but it also brings a new type of risk – model risk. Model risk is recognized across organizations and managed as any other risk function. In this talk we would like to explain what model risk is and how to effectively manage it.
Melike Ozunlu
ING

Melike Ozunlu is a risk management professional with 11+ years of experience in the industry. She has held key roles in model risk in various organizations in the US and EU including EY, The World Bank, Citizens Bank, and currently at ING as interim Head of Model Risk Oversight. Melike holds MS and Bachelor’s degrees in Financial Engineering and Physics.

Magdalena Chociej
ING

Magdalena Chociej is a Model Risk expert at ING Group, with over six years’ experience in modelling and Data Science and two years’ experience in Model Risk Management. Magda has a background in Mathematics and Computer Science. As Model Risk expert she ensures Model Risk oversight for Analytics & Business Support models.

15.35 - 16.05
Podium III
The increasing impact of EU law & fundamental rights on corporate risk
The role of EU law & fundamental rights in managing corporate risk has increased enormously over the past years. The GDPR is just one example but there is more to come! Such as the Directive on corporate sustainability due diligence. All these regulatory developments have an impact on corporates and their supply chain management. In this session you will get an overview of the latest developments and what corporate risk managers may expect for the near future.
Fokke Jan van der Tol
ISACA NL Chapter

Fokke Jan van der Tol is a multilingual legal counsel with a holistic view on the interaction between legal issues and organisational performance in both local, international and multi-jurisdictional environments. Key areas of his expertise include EU regulatory compliance and risk management.

15.35 - 16.05
Podium IV
Regulating Artificial Intelligence
What is the new EU AI regulation act, how is it structured and what will be its impact? During this presentation we will explore the details of the new EU AI regulation act and how it will impact organizations and security professionals dealing with AI alike.
Vincent Damen
Protiviti

Vincent is Associate Director in the Technology Consulting and Internal Audit practice of Protiviti with 15+ years of experience in Information Security & Privacy, Security & IT Governance, Information Risk management and IT Audit & Control. Next to his consulting work at Protiviti, Vincent also lectures at the University of Amsterdam with the Executive Program of Digital Auditing (EPDA) and the Executive Program of Internal Auditing (EMIA).

16.05 - 16.35
Coffee Break
16.35 - 17.05
Podium I
Data and AI – The Risk of Inaction
Egge will discuss Data Science and the necessity to…

  • develop a common language
  • embrace true collaboration
  • take away the mystique surrounding technology
  • study practical examples
  • develop new roles for professionals
  • facilitate exchange across company/sector borders
  • create speed
  • demonstrate transformational leadership
Egge van der Poel

Egge is a beta with a touch of alpha and is an expert in the field of Data Science in healthcare. He holds a PhD in Experimental Particle Physics and a Bachelor in Philosophy. He does not easily fit into boxes and uses that ability to build bridges.

17.05 - 17.35
Podium I
Create a risk-based governance system using COBIT
Best-practice frameworks have been developed and promoted to assist in the process of understanding, designing and implementing enterprise governance of I&T. COBIT builds on and integrates years of development in this field, operationalizing these insights as practice. In this session, we will explore the essential elements of ISACA’s latest release and how it can be used to create a tailorable, risk-based I&T governance system.

Learning Objectives

  • Understand the key concepts of IT governance
  • Recognize the primary aspects of the COBIT framework
  • Design a tailorable, risk-based I&T governance system using COBIT
Mark Thomas
Escoute, LLC

Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, risk IT strategy and digital trust. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards.

17.35 - 17.45
Podium I
Closure by ISACA Netherlands Chapter President
Dwayne Valkenburg
President ISACA NL Chapter
IT Auditor and IT Risk & Compliance Manager

My name is Dwayne Valkenburg, I work as an IT Auditor and IT Risk & Compliance Manager. Since 2006, I have been active in the Managed IT Services & IT Outsourcing sector as an IT Engineer, switching to the IT Auditing profession at a BIG4 firm in 2013 and as of 2017, I founded Cyberus, an IT Assurance, Advisory & Consultancy firm.

I have also been active on a voluntary basis since November 2014 with the professional associations NOREA, ISACA and the IIA as Chairman and Vice-Chairman of the Young Profs committees. In recent years, I have been responsible within the ISACA Board for all events, webinars and conferences of ISACA Netherlands, as well as the Privacy and Young Profs working groups.

As of June 2022, I could call myself chairman of ISACA Netherlands and together with an enthusiastic and, above all, fun group of fellow volunteers, we may together offer a platform where we jointly take the profession of IT Auditing, IT Governance, IT Compliance, IT Security & IT Risk Management to a higher level.

If you have any questions, or are interested in working together, please feel free to contact me.

17.45 - 20.00
Dinner & Drinks

Location

This year’s Risk Event took place at Spant!, a modern and inspiring venue in the heart of the Netherlands. It is located in Bussum, just 25 minutes from Amsterdam, and is easily accessible by car and public transport.

Spant!
Dr. A. Kuyperlaan 3
1402 SB Bussum
