
The 6th ISACA Risk Event Wednesday, November 12, 2025 Spant!, Bussum
Join us for a new edition of the Risk Event, where cutting-edge insights meet practical expertise in the world of risk, governance, and cybersecurity.
Organized in collaboration with IIA, NOREA, and PvIB.
Risk Event 2025
Securing the Digital Frontier
Track 1: Resilience Through Cooperation
Resilience is not a solo act, it’s a team sport. In today’s hyperconnected world, no organization can face digital threats alone. This track explores how trust, knowledge sharing, and collaboration, internally and across entire ecosystems are the cornerstones of resilience.
Learn how leading organizations are building collective defenses, aligning teams before crisis strikes, and strengthening resilience across supply chains. Hear first-hand lessons from leaders at Microsoft, Port of Rotterdam, Schiphol, and ING.
Track 2: Innovation & Opportunities
A dedicated track focused on Innovation and Opportunities in today’s dynamic and interconnected world. From shifting geopolitical landscapes to the rise of digital transformation, this track explores how organizations can identify and navigate emerging risks, not by avoiding change, but by understanding the risks it brings and turning them into strategic opportunities.
Track 3: Going Concern vs. Disruption
Some risks never disappear, but disruption keeps reshaping them. This track examines the balancing act organizations must perform: safeguarding enduring concerns while adapting to disruptive forces like AI, quantum threats, and geopolitical competition. Explore the future of cloud security, AI-driven manipulation, and post-quantum cryptography, and rethink human awareness in an era of hyper-realistic deception. This track is about where the familiar meets the future, and how to navigate both.
Track 4: Geopolitical Risks & Digital Sovereignty
From crisis to control: leaders today must navigate the intersection of geopolitics and digital risk. This track examines how global tensions, sanctions, compliance requirements, and supply chain dependencies impact cybersecurity and IT risk management. Discover how digital sovereignty, AI-driven threats, and governance frameworks are shaping the security strategies of tomorrow. From cloud infrastructure to crisis response, and from sanctions to security strategy, the challenges are real. But so are the solutions.
Workshop
Secure your ticket now. Early bird tickets available until October 12, 2025!
Aftermovie
Programme Risk Event 2025
Resilience Through Cooperation
Innovation & Opportunities
Going Concern vs. Disruption
Geopolitical Risks & Digital Sovereignty
Workshop

Erik is an Information Management professor at University of Manchester – UK. His research focusses on digital transformations, data analytics, corporate governance and platforms. Erik is also an external advisor of Bain & Company and an independent member of the data committee of Royal FloraHolland. Furthermore, he has 30 years of international industry and consulting experience, including Accenture, Boston Consulting Group and KPMG.

Werner Zuurbier began his journey in public administration studies during the dawn of the internet—and from that moment, digital transformation has woven through both his personal and professional life. He is passionate about strategic challenges and guiding complex change processes, often navigating the dynamic intersection of business and technology.
As of July 1, 2025, Werner took on the role of Director‑Board Member at GERRIT, following his tenure as CIO and Manager of Information & Care Technology at Spaarne Gasthuis
Over the years, he has served as an (interim) C‑level executive, director, and senior manager across healthcare, insurance, and consultancy—and continues to contribute as a non‑executive board member in the healthcare, education, and insurance sectors, and formerly in government cenvio.com.
Werner is also a published author. His most recent work, Leadership in the AI Era – Four Qualities of a Transformational Leader, released in March 2025, explores vision, risk, moral, and cultural leadership in the context of the AI-driven digital revolution. He previously authored Cyber in the Board – Supervising Digital Transformation in 2022, offering practical guidance to board members and supervisors navigating digital change

Marijn van Schoote has a diverse work experience in the fields of IT operations, service management, cyber security, and risk management. They have held various roles at different companies, including Port of Rotterdam, Deloitte Enterprise Risk Services, and Océ Technologies. At Port of Rotterdam, Marijn has been the Head of IT Operations & Service Management and CISO, responsible for ensuring reliable and secure IT services for the company. They have also served as a Cyber security officer at FERM-Rotterdam, focusing on digital resilience. Prior to their role at Port of Rotterdam, Marijn worked as a Manager/IT Auditor at Deloitte and in research at Océ Technologies.
Marijn van Schoote completed a Post Master Degree in Postdoc IT auditing from Erasmus University Rotterdam from 2006 to 2008. Prior to that, from 2003 to 2005, Marijn earned an MSc in Business Information Technology from the University of Twente. Before that, Marijn attended Saxion University of Applied Sciences from 1999 to 2003 and received an Ing, BSc degree in Computer Science. There is no information available about Marijn’s education before attending Saxion University of Applied Sciences.

Kevin is COO at Northwave. With a past in law enforcement, consulting and cyber providers, he helps clients across Europe navigate evolving threats, tech and compliance mazes. He believes cybersecurity is about people, not just tech, and that no one should need a regulation bingo card to do their job.

the lead for cryptography at the SECO-Institute. He has authored and teaches several highly rated courses on cryptography, digital certificates, and the migration to quantum-safe cryptography. Luuk is a trainer, speaker, and advisor, and the founder of Cryptography in Context. He helps organizations and professionals make informed decisions and take appropriate steps to apply cryptography effectively. Combining a strong focus on people and processes with his technical and mathematical expertise, Luuk ensures that cryptography works in real-world settings. For over 15 years, he has contributed to high-impact projects in both the public and private sectors.

Zoëlle Yusufi is Chair of Professional Practices for
Artificial Intelligence at IIA Netherlands and a strategic IT audit and security expert at RVO Netherlands. She bridges governance, risk and AI, championing ethical leadership in digital sovereignty, resilience, and human-centered strategy.

Esther Schagen-van Luit is Chief Security Advisor Netherlands at Microsoft. Previously she was CISO of Deloitte Netherlands, Dutch Caribbean & Belgium. She brings a knowledge of IT, cybersecurity, risk and organizational transformation to the table. Esther works to get more women in cybersecurity and features on MT/Sprout’s 2025 Inclusive30 list.

Sandeep is co-founder of Brightlyn, a cybersecurity and audit firm with a specialisation in DORA implementation. He chairs the DORA Taskforce and DevOps Working Group at NOREA, and lectures at several universities on these topics.
Sandeep is also (co-)author of several leading control frameworks such as: DORA, NIS2, Ransomware and DevOps.

In a world of new AI threats like deepfakes and smart attacks, we need to reconsider trust and defense. With the rise of digital illusions, traditional security awareness is not enough. In his talk, Chris addresses some of these threats and includes a newer approach from awareness to resilience. He advocates a practical approach to strengthen the resilience and security cultures of your organization. Using current examples, and including new opportunities you can implement in your organization immediately.


Chris is a seasoned IT executive with over two decades of experience across the (semi)public and private sectors. Since 2023, he has served as Head of the CIO Office at Schiphol Group, where he leads the development and oversight of the airport’s IT strategy, IT governance, enterprise architecture and cybersecurity initiatives

Evelien is Program Manager Cyber Security at Schiphol Group. She translates strategy into action and drives collaboration across teams and partners. As co-developer of Schiphol’s Cyber Security Target Operating Model and the CYSSEC initiative, she embeds cybersecurity into the organization’s way of working.

PhD candidate at the Faculty of Technology, Policy and Management of Delft University of Technology. Her research focuses on developing a roadmap for organizations to achieve quantum safety. Her PhD research is part of a larger project called HAPKIDO (Hybrid Approach for quantum-safe Public Key Infrastructure Development for Organizations).

Anna is an experienced cybersecurity leader with over 12 years of success aligning technical security expertise with governance, risk, and compliance strategies to protect sensitive data, AI systems, and critical business processes. she designs and implements comprehensive security frameworks that blend deep technical knowledge with organizational dynamics and regulatory requirements — building resilient, adaptive “immune systems” for organizations.

Dimitri is the Cybersecurity Director / Chief Information Security Officer (CISO) at Dutch Railways (NS). He serves as member of the advisory board of the Dutch NCSC, the Dutch CISO Circle of Trust, is co-founder of the Dutch CISO Foundation and CISO Community, is co-chair of both the Dutch and European Rail ISAC and the Rail CISO Forum. In addition to being an international speaker and columnist, Dimitri is a cyber lecturer, editorial board member of the Global Railway Review journal and advisory board member of Cybersenate. As an Ambassador to the Global Council of Responsible AI and an angel investor in several startups, he actively contributes to the advancement of technology, cybersecurity- and AI governance.
With three decades of experience as a CIO, CTO, and CISO, Dimitri has worked across multinational corporations, local governments, the Dutch Olympic Committee, and now Dutch Railways. As a lifelong digital engineer, he holds several academic qualifications and a range of esteemed cybersecurity certifications, including CISSP, CRISC, CISA, CISM, CDPSE, CIPP/E, CIPM, and FIP.
Dimitri combines technical expertise with strategic vision, making him a prominent voice in the cybersecurity and AI governance critical infrastructure landscape.
He has been quoted and featured in major publications and outlets, including Computable, Global Railway Review, Enterprise Security, ICT Media, CISO Series, Enisa, CIO.inc, Helpnet Security, CIO TV, IB Magazine and Cybercrime Info


Professor Peter Roelofsma is a distinguished expert in the fields of risk management and cyber security. In August 2023, he joined the Risk Management & Cyber Security research group at The Hague University of Applied Sciences (THUAS). Prior to this, he was part of the Safety and Security Science section at Delft University of Technology, where he worked at the Center for Safety in Healthcare. His extensive experience spans various domains, including healthcare, smart cities, military command and control, aeronautical control, intertemporal choice and risk management in traffic tunnels. He has also worked in the departments of computer science, artificial intelligence, and economics.
Professor Roelofsma completed his studies in Psychology with Cum Laude honors. For his PhD, he received the prestigious ‘de Finetti’ award from the European Association for Decision Making and Subjective Utility, Probability, and Decision Making (EADM/SPUDM), recognizing his outstanding contributions to the field. He worked also at the departments of Psychology, Computer Science/AI, Communication Science and Sociology.
His recent work addresses critical issues such as organizational learning, shared mental models, safe and secure by design principles, and the use of AI-coaching and sensors for enhancing safety and security. His interdisciplinary approach and focus on practical applications make his contributions highly impactful in both academic and real-world contexts.
A year ago, there was no research group in the THUAS lectorate. Under Professor Roelofsma’s leadership, the group has grown to include about 10 members. In the first year, he successfully acquired initial funding for the cybersecurity living lab, which has recently started. This innovative lab aims to advance cyber security practices through innovative research and practical applications.
One of Professor Roelofsma’s notable achievements with his research group is the application of network-oriented modeling as a cyber risk analysis method. This innovative approach has proven successful and has been a cornerstone of his research group’s efforts. Together with students from the Safety and Security Management Studies program at THUAS, his group has produced a variety of impactful papers, contributing significantly to the field of cyber security.
Professor Roelofsma’s work continues to shape the future of risk management and cyber security, providing valuable insights and solutions to complex challenges in cyber security and risk management. His leadership and innovative ideas ensure that his research group remains at the forefront of advancements in these critical areas.

Debbie Janeczek is the Chief Information Security Officer at ING. Prior to joining ING, Debbie led the Swift Global Security Organization. The Society for Worldwide Interbank Financial Telecommunications is a global messaging system that is used to facilitate transactions between banks across national borders.
Prior to Swift, Debbie was a Technology Executive at Wells Fargo leading the Cyber Threat Management Function, driving proactive resiliency against cyber-attacks through monitoring, analysis and continuous assessment of the threat landscape, driving tangible risk mitigation across the enterprise.
Before joining Wells Fargo, Debbie was the Director of Information Security at Twilio, where she led Cloud Security, Enterprise Security, Product Security, and Vulnerabilities Management. Debbie was also the Director of Cyber Threat Intelligence at American Express and served on the Executive Committee for the Financial Services-Information Sharing and Analysis Center (FS-ISAC). She held other key security roles during her career, including Adjunct Instructor at the University of Maryland-Baltimore County, Team lead for Cyber Planning at the National Security Agency (NSA), and Deputy Branch Chief at USCYBERCOM, and carried out key assignments with the National Geospatial Intelligence Agency and Defense Intelligence Agency.
Debbie served as an active-duty Intelligence Officer in the United States Navy serving in both Operation Enduring Freedom in Afghanistan and Operation Iraqi Freedom.

Investigative journalist, working at De Volkskrant, with focus on intelligence agencies and the digital world. Author of two bestsellers.

My name is Dwayne Valkenburg, I work as an IT Auditor and IT Risk & Compliance Manager. Since 2006, I have been active in the Managed IT Services & IT Outsourcing sector as an IT Engineer, switching to the IT Auditing profession at a BIG4 firm in 2013 and as of 2017, I founded Cyberus, an IT Assurance, Advisory & Consultancy firm.
I am also active on a voluntary basis since November 2014 with the professional associations the NOREA, ISACA and the IIA as, Chairman and Vice-Chairman of the Young Profs committees. In recent years, I have been responsible within the ISACA Board, with all events, webinars and conferences of ISACA Netherlands, as well as the Privacy and Young Profs working groups.
As of June 2022, I could call myself chairman of ISACA Netherlands and together with an enthusiastic and, above all, fun group of fellow volunteers, we may together offer a platform where we jointly take the profession of IT Auditing, IT Governance, IT Compliance, IT Security & IT Risk Management to a higher level.
If you have any questions, or are interested in working together, please feel free to contact me.
<h1 class='my-heading'>Just some HTML</h1><?php echo 'The year is ' . date('Y'); ?>
document.addEventListener("DOMContentLoaded", function () { const container = document.querySelector(".risk-loop-container"); if (!container) return; const kaarten = Array.from(container.querySelectorAll(".risk-card")); const rijen = {}; // Sorteer alle kaarten eerst op starttijd kaarten.sort((a, b) => { const tijdA = a.getAttribute("risk-starttijd") || ""; const tijdB = b.getAttribute("risk-starttijd") || ""; return tijdA.localeCompare(tijdB); }); // Verdeel kaarten per tijdslot kaarten.forEach((kaart) => { const tijd = (kaart.getAttribute("risk-starttijd") || "").trim(); if (!rijen[tijd]) { const rij = document.createElement("div"); rij.classList.add("risk-row"); rij.setAttribute("data-starttijd", tijd); container.appendChild(rij); rijen[tijd] = rij; } rijen[tijd].appendChild(kaart); }); // Sorteer binnen elke rij op data-podium Object.values(rijen).forEach((rij) => { const cards = Array.from(rij.querySelectorAll(".risk-card")); cards.sort((a, b) => { const pA = parseInt(a.getAttribute("data-podium")) || 999; const pB = parseInt(b.getAttribute("data-podium")) || 999; return pA - pB; }); cards.forEach((kaart) => rij.appendChild(kaart)); }); });
function sorteerEnGroepeerKaarten() { const container = document.querySelector(".risk-loop-container"); if (!container) return; // Verwijder oude rijen (voor het opnieuw opbouwen) container.querySelectorAll(".risk-row").forEach((el) => el.remove()); // Zoek alle kaarten const kaarten = Array.from(container.querySelectorAll(".risk-card")); const rijen = {}; // Sorteer kaarten op starttijd kaarten.sort((a, b) => { const tijdA = a.getAttribute("risk-starttijd") || ""; const tijdB = b.getAttribute("risk-starttijd") || ""; return tijdA.localeCompare(tijdB); }); // Groepeer kaarten per tijdslot kaarten.forEach((kaart) => { const tijd = (kaart.getAttribute("risk-starttijd") || "").trim(); if (!rijen[tijd]) { const rij = document.createElement("div"); rij.classList.add("risk-row"); rij.setAttribute("data-starttijd", tijd); // 🔧 Dit is waar de grid toegepast moet worden: rij.style.display = "grid"; rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))"; rij.style.gap = "1rem"; container.appendChild(rij); rijen[tijd] = rij; } rijen[tijd].appendChild(kaart); }); // Sorteer binnen elke rij op podium-nummer Object.values(rijen).forEach((rij) => { const cards = Array.from(rij.querySelectorAll(".risk-card")); cards.sort((a, b) => { const pA = parseInt(a.getAttribute("data-podium")) || 999; const pB = parseInt(b.getAttribute("data-podium")) || 999; return pA - pB; }); cards.forEach((kaart) => rij.appendChild(kaart)); }); } // Initieel en bij AJAX reload document.addEventListener("DOMContentLoaded", sorteerEnGroepeerKaarten); document.addEventListener("bricks/ajax/nodes_added", sorteerEnGroepeerKaarten);
function sorteerEnGroepeerKaarten() { const container = document.querySelector(".risk-loop-container"); if (!container) return; // Verwijder oude gegroepeerde rijen container.querySelectorAll(".risk-row").forEach((el) => el.remove()); // Verzamel en sorteer alle kaarten op starttijd const kaarten = Array.from(container.querySelectorAll(".risk-card")); const rijen = {}; kaarten.sort((a, b) => { const tijdA = a.getAttribute("risk-starttijd") || ""; const tijdB = b.getAttribute("risk-starttijd") || ""; return tijdA.localeCompare(tijdB); }); // Groepeer kaarten per tijdslot kaarten.forEach((kaart) => { const tijd = (kaart.getAttribute("risk-starttijd") || "").trim(); if (!rijen[tijd]) { const rij = document.createElement("div"); rij.classList.add("risk-row"); rij.setAttribute("data-starttijd", tijd); rij.style.display = "grid"; rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))"; rij.style.gap = "1rem"; container.appendChild(rij); rijen[tijd] = rij; } rijen[tijd].appendChild(kaart); }); // Sorteer binnen elk tijdslot op podium Object.values(rijen).forEach((rij) => { const cards = Array.from(rij.querySelectorAll(".risk-card")); cards.sort((a, b) => { const pA = parseInt(a.getAttribute("data-podium")) || 999; const pB = parseInt(b.getAttribute("data-podium")) || 999; return pA - pB; }); cards.forEach((kaart) => rij.appendChild(kaart)); }); } function initKaarten() { sorteerEnGroepeerKaarten(); const container = document.querySelector(".risk-loop-container"); // Herinitialiseer Bricks Extras Lightbox if (typeof doExtrasLightbox === "function" && container) { doExtrasLightbox(container, true); console.info("✅ Bricks Extras Lightbox opnieuw geïnitialiseerd"); } else { console.warn("⚠️ Bricks Extras Lightbox functie niet beschikbaar of container niet gevonden"); } } // Init bij paginalaad document.addEventListener("DOMContentLoaded", initKaarten); // Init na AJAX/facet filtering document.addEventListener("bricks/ajax/nodes_added", initKaarten);
Location
This year’s Risk Event takes place at Spant!, a modern and inspiring venue in the heart of the Netherlands. Located in Bussum, just 25 minutes from Amsterdam and easily accessible by car and public transport.
Spant!
Dr. A. Kuyperlaan 3
1402 SB, Bussum


Gallery
Take a look back at Risk Event 2024. A day full of inspiring talks, lively discussions, and meaningful connections.
Scroll through the highlights and relive the atmosphere, the energy, and the people who made it unforgettable.