The 6th ISACA Risk Event Wednesday, November 12, 2025 Spant!, Bussum
Join us for a new edition of the Risk Event, where cutting-edge insights meet practical expertise in the world of risk, governance, and cybersecurity.
Organized in collaboration with IIA, NOREA, and PvIB.
Risk Event 2025
Securing the Digital Frontier
Track 1: Geopolitical Risks & Digital Sovereignty
From crisis to control: leaders today must navigate the intersection of geopolitics and digital risk. This track examines how global tensions, sanctions, compliance requirements, and supply chain dependencies impact cybersecurity and IT risk management. Discover how digital sovereignty, AI-driven threats, and governance frameworks are shaping the security strategies of tomorrow. From cloud infrastructure to crisis response, and from sanctions to security strategy, the challenges are real. But so are the solutions.
Track 2: Resilience Through Cooperation
Resilience is not a solo act, it’s a team sport. In today’s hyperconnected world, no organization can face digital threats alone. This track explores how trust, knowledge sharing, and collaboration, internally and across entire ecosystems are the cornerstones of resilience.
Learn how leading organizations are building collective defenses, aligning teams before crisis strikes, and strengthening resilience across supply chains. Hear first-hand lessons from leaders at Microsoft, Port of Rotterdam, Schiphol, and ING.
Track 3: Innovation & Opportunities
A dedicated track focused on Innovation and Opportunities in today’s dynamic and interconnected world. From shifting geopolitical landscapes to the rise of digital transformation, this track explores how organizations can identify and navigate emerging risks, not by avoiding change, but by understanding the risks it brings and turning them into strategic opportunities.
Track 4: Going Concern vs. Disruption
Some risks never disappear, but disruption keeps reshaping them. This track examines the balancing act organizations must perform: safeguarding enduring concerns while adapting to disruptive forces like AI, quantum threats, and geopolitical competition. Explore the future of cloud security, AI-driven manipulation, and post-quantum cryptography, and rethink human awareness in an era of hyper-realistic deception. This track is about where the familiar meets the future, and how to navigate both.
Workshop
Secure your ticket now.
Aftermovie
Programme Risk Event 2025
Geopolitical risks and digital sovereignty
Resilience through Cooperation
Innovation & Opportunities
Going concern vs Disruption
Workshop
My name is Dwayne Valkenburg, I work as an IT Auditor and IT Risk & Compliance Manager. Since 2006, I have been active in the Managed IT Services & IT Outsourcing sector as an IT Engineer, switching to the IT Auditing profession at a BIG4 firm in 2013 and as of 2017, I founded Cyberus, an IT Assurance, Advisory & Consultancy firm.
I am also active on a voluntary basis since November 2014 with the professional associations the NOREA, ISACA and the IIA as, Chairman and Vice-Chairman of the Young Profs committees. In recent years, I have been responsible within the ISACA Board, with all events, webinars and conferences of ISACA Netherlands, as well as the Privacy and Young Profs working groups.
As of June 2022, I could call myself chairman of ISACA Netherlands and together with an enthusiastic and, above all, fun group of fellow volunteers, we may together offer a platform where we jointly take the profession of IT Auditing, IT Governance, IT Compliance, IT Security & IT Risk Management to a higher level.
If you have any questions, or are interested in working together, please feel free to contact me.
Erik is an Information Management professor at University of Manchester – UK. His research focusses on digital transformations, data analytics, corporate governance and platforms. Erik is also an external advisor of Bain & Company and an independent member of the data committee of Royal FloraHolland. Furthermore, he has 30 years of international industry and consulting experience, including Accenture, Boston Consulting Group and KPMG.
Experienced managing director and non-executive board member in healthcare, insurance and education.
The fascinating intersection of business and IT is a common thread in my career. So is the balance between the drive for innovation while keeping safe, secure and compliant.
Author of the books “Cyber in the Board” and “Leadership in the AI-era”.
Marijn van Schoote studied Computer Engineering and Business Information Systems in Twente. After working for several years as an IT auditor at Deloitte, he spent over a decade as Chief Information Security Officer (CISO), responsible for the digital resilience of the Port of Rotterdam Authority. Currently, Marijn is the Managing Director of Ferm-Seaports.
Kevin is COO at Northwave. With a past in law enforcement, consulting and cyber providers, he helps clients across Europe navigate evolving threats, tech and compliance mazes. He believes cybersecurity is about people, not just tech, and that no one should need a regulation bingo card to do their job.
For the last decade, security architect Sander Dorigo has been working on the (cryptographic) security of applications, systems and (financial) data streams. Sander started as a security engineer working for a variety of defense contractors and joined the financial sector as a cryptographic consultant. From there, he moved to Sentyron where he works on certified high assurance products for security focused customers.
Luuk Danes, founder of Cryptography in Context, is a trainer, speaker, and advisor. Combining a focus on people and processes with technical expertise, he helps organizations make cryptography work in practice. He has authored and teaches acclaimed courses on cryptography, digital certificates, and quantum-safe migration.
Arda helpt organisaties hun medewerkers echt cyberbewust te maken. Met een innovatief awarenessplatform, realistische simulaties en serious games zoals Skywave, leert Arda teams om veilig te handelen. Niet in theorie, maar in de praktijk. Wilbert begeleidt deze serious game.
Wil je weten hoe het werkt? Bekijk ook de teaser via de YouTube video onderaan de pagina.
Zoëlle Yusufi is voorzitter van de Professional Practices for Artificial Intelligence bij IIA Nederland en als strategisch IT-audit- en security-adviseur werkzaam voor het ministerie van economische zaken. Zij slaat de brug tussen governance, risico en AI en bevordert ethisch leiderschap op het gebied van digitale soevereiniteit, veerkracht en mensgerichte strategie.
Esther Schagen-van Luit is Chief Security Advisor Netherlands at Microsoft. Previously she was CISO of Deloitte Netherlands, Dutch Caribbean & Belgium. She brings a knowledge of IT, cybersecurity, risk and organizational transformation to the table. Esther works to get more women in cybersecurity and features on MT/Sprout’s 2025 Inclusive30 list.
Sandeep is co-founder of Brightlyn, a cybersecurity and audit firm with a specialisation in DORA implementation. He chairs the DORA Taskforce and DevOps Working Group at NOREA, and lectures at several universities on these topics.
Sandeep is also (co-)author of several leading control frameworks such as: DORA, NIS2, Ransomware and DevOps.
Chris Karelse is an expert in people centered security. He founded non-profit foundation Security Awareness NL in 2015. He received the SANS Security Awareness Leader medal and the Security Culture Person of the year Award, both in 2017. Chris developed and managed various programs in large organizations to strengthen security behaviour, including the global Beyond Awareness Program for a large Dutch bank in 2021 till 2023. He coaches and teaches on security behaviour for several universities and academies. Chris founded Securiour in 2024 to make a stronger case for people centered security.
Arda helpt organisaties hun medewerkers echt cyberbewust te maken. Met een innovatief awarenessplatform, realistische simulaties en serious games zoals Skywave, leert Arda teams om veilig te handelen. Niet in theorie, maar in de praktijk. Wilbert begeleidt deze serious game.
Wil je weten hoe het werkt? Bekijk ook de teaser via de YouTube video onderaan de pagina.
Bart maakt deel uit van het Dispute Resolution team en procedeert over herstructurering en insolventierecht, incasso en uitwinning van zakelijke en persoonlijke zekerheidsrechten, bankgaranties, zorgplicht en andere bank gerelateerde onderwerpen. Bart is ook gespecialiseerd in beslag- en executierecht, in welke rol hij verschillende praktijkgroepen binnen het kantoor ondersteunt.
Bram is werkzaam als advocaat op de sectie Financial Litigation (onderdeel van Civil Law). Hij procedeert namens banken, financiële instellingen en ondernemingen in zowel nationale als grensoverschrijdende geschillen en adviseert op het gebied van commercieel contractenrecht, verzekeringsrecht en (bancair) aansprakelijkheidsrecht.
Chris is a seasoned IT executive with over two decades of experience across the (semi)public and private sectors. Since 2023, he has served as Head of the CIO Office at Schiphol Group, where he leads the development and oversight of the airport’s IT strategy, IT governance, enterprise architecture and cybersecurity initiatives
Evelien is Program Manager Cyber Security at Schiphol Group. She translates strategy into action and drives collaboration across teams and partners. As co-developer of Schiphol’s Cyber Security Target Operating Model and the CYSSEC initiative, she embeds cybersecurity into the organization’s way of working.
PhD candidate at the Faculty of Technology, Policy and Management of Delft University of Technology. Her research focuses on developing a roadmap for organizations to achieve quantum safety. Her PhD research is part of a larger project called HAPKIDO (Hybrid Approach for quantum-safe Public Key Infrastructure Development for Organizations).
Anna is a cybersecurity leader specializing in data security, enterprise risk management, and compliance. With 12+ years of experience across academia, consulting (EY), and industry (Philips), she combines deep technical knowledge with strategic insight. Her diverse background enables her to stay ahead of emerging developments, adapt her expertise to varied contexts and stakeholders, and consistently deliver complex projects from strategy through execution.
Arda helpt organisaties hun medewerkers echt cyberbewust te maken. Met een innovatief awarenessplatform, realistische simulaties en serious games zoals Skywave, leert Arda teams om veilig te handelen. Niet in theorie, maar in de praktijk. Wilbert begeleidt deze serious game.
Wil je weten hoe het werkt? Bekijk ook de teaser via de YouTube video onderaan de pagina.
Dimitri van Zantvliet is verantwoordelijk voor de cyberveiligheidsstrategie van een van de meest complexe en vitale organisaties van Nederland: de Nederlandse Spoorwegen. Met ruim dertig jaar ervaring in CIO-, CTO- en CISO-rollen binnen zowel overheid als bedrijfsleven, combineert hij technische diepgang met strategisch inzicht in het speelveld rondom kritieke infrastructuren.
Naast zijn rol bij NS is hij actief in de cybersecurity-gemeenschap, onder andere als lid van de adviesraad van het Nationaal Cyber Security Centrum (NCSC), co-voorzitter van de Dutch en European Rail ISAC, adviseur bij CyberSenate en medeoprichter van de Dutch CISO Foundation. Ook is hij ambassadeur voor de Global Council of Responsible AI en betrokken bij meerdere startups in governance-gedreven technologie.
Zijn werk en visie worden regelmatig aangehaald in vakpublicaties zoals Global Railway Review, Helpnet Security, Computable, CISO Series en Enterprise Security. Dimitri koppelt inzichten uit de spoorsector, Europese wetgeving en geopolitieke verschuivingen om te laten zien wat digitale transitie écht betekent voor organisaties die niet stil mogen vallen.
Jeroen de Groot is product manager of Systemic Cause Investigators, the team responsible for postmortems of P1 incidents and Major Incidents in ING. He has 20+ years of experience in Major Incident Management in ING. First in the Central Major Incident Management team for the Netherlands, later as product manager for Global Major Incident Management. Since March 2025 he is leading the new team for Systemic Cause Investigation.
Professor Peter Roelofsma is a distinguished expert in the fields of risk management and cyber security. In August 2023, he joined the Risk Management & Cyber Security research group at The Hague University of Applied Sciences (THUAS). Prior to this, he was part of the Safety and Security Science section at Delft University of Technology, the Vrije Universiteit Amsterdam and Leeds University Business School.
Gülnur is the AI Audit Manager at ABN AMRO, where she leads the AI Auditor Group. In parallel, Gülnur contributes to the AI Assurance Working Group of NOREA, the Dutch professional association for IT auditors, and pursues a PhD at the University of Amsterdam, focusing on AI literacy and responsible AI.
Mona is Partner Data & AI at PwC Netherlands, where she leads the Trust in AI practice. Mona is Chair of the AI Assurance working group of the Dutch professional association for IT auditors (NOREA), and a lecturer and scientific researcher at the University of Amsterdam.
Arda helpt organisaties hun medewerkers echt cyberbewust te maken. Met een innovatief awarenessplatform, realistische simulaties en serious games zoals Skywave, leert Arda teams om veilig te handelen. Niet in theorie, maar in de praktijk. Wilbert begeleidt deze serious game.
Wil je weten hoe het werkt? Bekijk ook de teaser via de YouTube video onderaan de pagina.
Debbie Janeczek is the Chief Information Security Officer at ING. Prior to joining ING, Debbie led the Swift Global Security Organization. The Society for Worldwide Interbank Financial Telecommunications is a global messaging system that is used to facilitate transactions between banks across national borders.
Prior to Swift, Debbie was a Technology Executive at Wells Fargo leading the Cyber Threat Management Function, driving proactive resiliency against cyber-attacks through monitoring, analysis and continuous assessment of the threat landscape, driving tangible risk mitigation across the enterprise.
Before joining Wells Fargo, Debbie was the Director of Information Security at Twilio, where she led Cloud Security, Enterprise Security, Product Security, and Vulnerabilities Management. Debbie was also the Director of Cyber Threat Intelligence at American Express and served on the Executive Committee for the Financial Services-Information Sharing and Analysis Center (FS-ISAC). She held other key security roles during her career, including Adjunct Instructor at the University of Maryland-Baltimore County, Team lead for Cyber Planning at the National Security Agency (NSA), and Deputy Branch Chief at USCYBERCOM, and carried out key assignments with the National Geospatial Intelligence Agency and Defense Intelligence Agency.
Debbie served as an active-duty Intelligence Officer in the United States Navy serving in both Operation Enduring Freedom in Afghanistan and Operation Iraqi Freedom.
Investigative journalist, working at De Volkskrant, with focus on intelligence agencies and the digital world. Author of two bestsellers.
<h1 class='my-heading'>Just some HTML</h1><?php echo 'The year is ' . date('Y'); ?>document.addEventListener("DOMContentLoaded", function () {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
// Sorteer alle kaarten eerst op starttijd
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Verdeel kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elke rij op data-podium
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
});function sorteerEnGroepeerKaarten() {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
// Verwijder oude rijen (voor het opnieuw opbouwen)
container.querySelectorAll(".risk-row").forEach((el) => el.remove());
// Zoek alle kaarten
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
// Sorteer kaarten op starttijd
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Groepeer kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
// 🔧 Dit is waar de grid toegepast moet worden:
rij.style.display = "grid";
rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))";
rij.style.gap = "1rem";
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elke rij op podium-nummer
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
}
// Initieel en bij AJAX reload
document.addEventListener("DOMContentLoaded", sorteerEnGroepeerKaarten);
document.addEventListener("bricks/ajax/nodes_added", sorteerEnGroepeerKaarten);
function sorteerEnGroepeerKaarten() {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
// Verwijder oude gegroepeerde rijen
container.querySelectorAll(".risk-row").forEach((el) => el.remove());
// Verzamel en sorteer alle kaarten op starttijd
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Groepeer kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
rij.style.display = "grid";
rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))";
rij.style.gap = "1rem";
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elk tijdslot op podium
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
}
function initKaarten() {
sorteerEnGroepeerKaarten();
const container = document.querySelector(".risk-loop-container");
// Herinitialiseer Bricks Extras Lightbox
if (typeof doExtrasLightbox === "function" && container) {
doExtrasLightbox(container, true);
console.info("✅ Bricks Extras Lightbox opnieuw geïnitialiseerd");
} else {
console.warn("⚠️ Bricks Extras Lightbox functie niet beschikbaar of container niet gevonden");
}
}
// Init bij paginalaad
document.addEventListener("DOMContentLoaded", initKaarten);
// Init na AJAX/facet filtering
document.addEventListener("bricks/ajax/nodes_added", initKaarten);
Location
This year’s Risk Event takes place at Spant!, a modern and inspiring venue in the heart of the Netherlands. Located in Bussum, just 25 minutes from Amsterdam and easily accessible by car and public transport.
Spant!
Dr. A. Kuyperlaan 3
1402 SB, Bussum
Gallery
Take a look back at Risk Event 2024. A day full of inspiring talks, lively discussions, and meaningful connections.
Scroll through the highlights and relive the atmosphere, the energy, and the people who made it unforgettable.
