The illusion of the finish line
From NIS2 compliance to the geopolitical realities of the Cybersecurity act 2
Many organisations treat NIS2 as the ultimate finish line for cybersecurity compliance. They are wrong. While NIS2 fundamentally changes who carries the risk by introducing strict management liability, the European Commission's new proposal for the Cybersecurity act 2 (CSA2) proves that the regulatory horizon is moving.
In this keynote, Joris Deene, partner at Everest Attorneys, confronted us with the uncomfortable reality of the Belgian NIS2 enforcement and the upcoming geopolitical shifts. This session moved beyond basic compliance theory to tackle urgent strategic questions: Who is personally accountable when an incident strikes? What decisions will regulators scrutinise? And crucially, what happens to your IT architecture when the EU mandates the phase-out of "high-risk" foreign suppliers from your supply chain?
Through a pragmatic legal lens, his keynote challenged cyber leaders to rethink their security governance, documentation, and 'regulatory exit clauses' in vendor contracts, ensuring their strategy is defensible both on paper and in practice.
by Joris Deene, Attorney & Partner at Everest Attorneys
Joris Deene is a leading expert in technology, cybersecurity, and intellectual property law. He advises organisations and their boards of directors on complex digital matters, IT compliance, and corporate liability. Alongside his work on regulatory frameworks like the NIS2 Directive, he has authored over 100 legal publications. Joris is also a recognized decision-maker for .be domain name disputes, a guest lecturer at Ghent University, and a member of several advisory and professional bodies, including the Intellectual Property Council (FPS Economy).
Link to the presentation of Joris Deene on Linkedin
xxx
Fifty shades of CISO
Iwona Muchin explored how the modern CISO operates in a complex grey zone between authority and influence, independence and collaboration. Her keynote highlighted the many roles today’s CISO must master: an independent risk authority like an auditor, a trusted advisor and “shrink” to the ExCom, a whisperer to Legal, a protective yet pragmatic guide for employees, a best friend and challenger to IT, and a strategist capable of outsmarting sophisticated attackers. Drawing on real-world experience, the talk argued that true CISO effectiveness requires independence from the CIO, not to weaken IT, but to strengthen accountability, trust, and informed risk-based decision-making at the highest level. This session showed how effective CISOs do not choose one role, but master all fifty shades of CISO.
by Iwona Muchin, CISO & DPO at Ageas Group
Iwona Muchin is CISO and Data Protection Officer at Ageas Group, with over 25 years of experience in information security, IT risk management, and data protection in the financial services sector. Having held senior roles across Europe and internationally, she is known for translating complex security and regulatory challenges into pragmatic, business-driven solutions. She brings a strong strategic perspective, combining executive leadership with deep expertise in cybersecurity, risk, and compliance.
Read the full article about Iwona Muchin's presentation.
xxx
Panel Interview
Pascal D'Eer, Chief Risk Officer (CRO) at the Belgian Federal Police, interviewed experienced CISOs, focusing on their daily responsibilities and key lessons learned in the field of cybersecurity.
The panel consisted of
xxx
Aligning identity control, audit-ready security, and continuous compliance with NIS2.
Drawing on real-world use cases, this session highlighted how a unified identity-first approach helps organisations reduce risk, simplify audits, and stay continuously compliant in an evolving regulatory landscape.
Hariharan Narasiman, Cybersecurity Solutions Consultant @ ManageEngine
Hariharan is a Cybersecurity Expert at ManageEngine with deep expertise in Identity and Access Management (IAM) and cybersecurity. He works closely with organisations across industries to design, implement, and optimize identity-driven security strategies. At ManageEngine, he plays a key role in technical consulting, product training, and enterprise implementations. Hariharan is also an active public speaker, regularly presenting at global conferences and industry events on topics related to identity security, governance, and modern cyber-defence strategies.
xxx
Artifhacking Intelligence
Think AI systems are unbreakable? Think again. Inti showed us how anyone can hack AI. Through live demos, he illustrated how to beat AI and influence outcomes in our favour.
Inti De Ceukelaire, Ethical hacker & cybercrime investigator
Inti De Ceukelaire is a renowned ethical hacker and cybersecurity specialist. With a deep passion for digital security, he has built an impressive track record in international hacking competitions and vulnerability disclosure programs. His work has earned formal recognition from leading organizations including Google, Meta, Yahoo, the U.S. Department of Defense, Airbnb, Dropbox, PayPal, and Amazon for identifying and responsibly reporting critical vulnerabilities. He is an enthusiastic public speaker who shares his insights on cybersecurity in an accessible and engaging way.
xxx
Partner Spotlight
Our sponsors briefly presented who they are and how they support organisations in strengthening their cybersecurity posture.