About Le Before

In order to cooperate more fluidly on cybersecurity, public and private players must and wish to develop effective collective intelligence. The Commission proposes to define the objectives of this cooperation, its methods and its framework, and to identify the levers for activating and boosting the ecosystem.

At a time when directives and regulations are multiplying at national, European and international level (NIS2, DORA, AI Act, DSA/DMA, etc.), how can public and private players work together to anticipate these regulations and avoid being subjected to them? While public and private sector players all aspire to develop a collective intelligence on cybersecurity, they have different views on how to meet each other's needs, and on what such cooperation would bring to each. Before defining the terms and conditions, we need to work together to define the objectives of the collaboration and the subjects on which it is necessary and possible to collaborate in order to encourage the emergence of an operational ecosystem in which information circulates openly and creates value.

• Based on past examples of initiatives targeting threat actors such as NoMoreRansom or the Conficker Working Group, the aim is to see how to develop and harmonise collaboration between actors of different genders, sectors or countries. The aim is also to identify the levers that could be used to multiply alliances on a Franco-French scale and to structure an ecosystem that would bring together institutions, companies and partners.
• There are many private bodies and associations (Clusif, Cesin, Cigref, Medef, etc.), but fewer public bodies. New links need to be created between private and public players, particularly in terms of regulations. The aim here is not to seek the approval of the public authorities, but to work hand in hand with them. Discussions between private and public players would enable companies to anticipate future regulations, not to be subjected to them, but to co-construct them with the public authorities.

Moderator: Sophy Caulier, journalist

• Eric Freyssinet, Senior Cyber Adviser, Command of the Ministry of the Interior in Cyberspace (COMCYBER-MI) ("Pathfinder" representative for the potential contributions of private/state entities)
• Benoît Fuzeau, CISO, Casden Banque Populaire (Private sector spokesman)
• Gaëtan Poncelin de Raucourt, Deputy Director of Strategy, ANSSI

Partner: Laurent Oudot, CEO, Tehtris

What strategies can be adopted? How can we deal with this profound change and anticipate action plans to meet these new challenges? Do we have reasonable technological responses to date? In the current context of economic and technological rivalry, the United States' H.R.4346 - Chips and Science Act and initiatives such as China's Document 79 are striking examples of how states are redefining their global influence. Clearly, these measures reflect a desire to strengthen national autonomy and secure critical supply chains. The CISO can no longer ignore this state of affairs, and it is quite likely that in the short term he will become a key player in the associated countermeasures, and could even find himself held liable by a third party, an authority, or even his own employer. Understanding these dynamics is essential if we are to develop robust cyber security strategies and navigate with confidence in an increasingly interdependent and competitive international environment, subject to potential interference and power struggles. We invite you to share our experiences and points of view so that you can acquire a common understanding of these issues and master the doctrines and tools needed to anticipate and respond effectively to these new problems.

Moderated by Garance Mathias, Lawyer at the Paris Court of Appeal

• Olivier Ligneul, Director of Cybersecurity, EDF Group
• Thierry Auger, Deputy CIO and CSO, Lagardère

Partners : 

• Blandine Delaporte, Senior Solution Engineer Director, Sentinel One
• Alexis Caurette, Vice President Strategy and Marketing, Cyber Defense Solutions Business Line, Thales

Open Source Intelligence (OSINT) is a fundamental component of information gathering, intelligence and, ultimately, decision support operations. By analysing and targeting information from open sources, OSINT makes it possible to identify vulnerabilities, monitor and learn about competitors, anticipate threats and inform management in their strategic decisions.

In a changing and geopolitically unstable economic environment, OSINT has established itself as a complementary and powerful tool for strengthening the competitiveness of companies, increasing the influence of governments and helping decision-makers to navigate in a complex world. How do you use OSINT? How do you go about enriching data and transforming it into value-added information? What is the legal framework? In what ways and how could it become a powerful new ally? Find out from the experts invited to share their experience and knowledge.

Moderated by Mélanie Benard-Crozat Editor-in-Chief, S&D Magazine & Impact for the Future

• Sébastien Bombal, Technical Director, Ministry of the Economy and Finance
• Fabrice Bru, DSSI, Les Mousquetaires Group
• Rémi Bertrand, Safety Department - Business Intelligence Manager, Michelin
• Pierre-Luc Refalo, VP - Head of Group "IT & Cyber Security" Audit, Capgemini

Partenaire : 

• Frédéric Laurent, CEO, Snowpack

Some acquisitions will go down in history more than others. At a time when 1,000 European companies are protesting against the takeover of one of their IT suppliers by an investment fund, and appealing to the European Commission, we invite you to collaborate on scenarios specifically dedicated to the cybersecurity sector.

Between mergers, acquisitions, radical changes in commercial offerings and technological and financial dependencies, how can trust be maintained? What specific challenges do ISSMs face when faced with these types of transactions? Could the trends observed in the infrastructure sector be happening in our ecosystem? And why do we remain insensitive to the warnings issued by leading analysts?

After deciphering several acquisitions and their consequences, this new commission of the Before des Assises de la Cybersécurité will put forward recommendations on how best to manage the effects of new takeovers. We will be incorporating feedback and best practice into a guide aimed at maintaining a solid climate of trust within our ecosystem.

Moderated by Caroline Moulin-Schwartz, Technical Delegate, CRiP 

• Eric Vautier, Group CISO, ADP Group
• Maricela Pelegrin-Bomel, National IS Security Manager, EFS
• Pierre-Luc Refalo, Head of IT / Cyber / Data – Group Internal Audit, Capgemini

Partners :

• Jeremy Bellaiche, Regional Vice President - Spain | Majors Accounts France, Tanium
• Loïc Guezo, Senior Director, Cybersecurity Strategy SEMEA, Proofpoint

In an economy in which every company relies on a large number of service providers and partners, and where information systems are hyper and interconnected, security can no longer be considered solely at company level, but on a broader scale. For several years now, hackers have been exploiting security vulnerabilities in the "weakest links", turning suppliers and service providers into unwitting "Trojan horses".

This risk is difficult to control, as it can come from a large number of business partners of varying sizes and cyber defence capabilities. It is now so critical that the European Union, through the NIS2 directive and the DORA regulation applicable to the financial and banking sector, intends to control it. The industrial sector was one of the first to be targeted, back in 2017, with the attack on the aquarium of a Las Vegas casino via its maintenance system and that on Target, a famous American retail chain, by taking control of its air conditioning system.

Drawing on the expertise of the committee's two chairmen who work in this sector, the committee will address the specific challenges faced by all companies/organisations when it comes to managing third-party suppliers (service providers, partners, subcontractors, etc.), the strategies to be adopted to guarantee the security and reliability of these external partners and the contributions of the new regulations versus the constraints they will generate.

Moderated by Annick Rimlinger, Director of Safety & Security, Cyber & DataProtection, Aéma Group 

• Stéphane Nappo, Vice President. Global Chief Information Security Officer, Groupe SEB
• Véronique Bardet, CISO, Pierre Fabre

Partners : 

• Grégory Cardiet, VP, Sales Engineer Europe, Crowdstrike
• Lionel Gonzalez, Technical Director for Southern Europe and Africa, XM Cyber

At the dawn of a new era propelled by the rapid advancement of AI, it is clear that AI offers an unprecedented opportunity for business growth and efficiency. However, it also raises many challenges for security professionals. Cybercriminals are poised to exploit AI to improve the effectiveness of their attacks, specifically target AI systems and take advantage of the risks posed by AI regulation for malicious purposes.

The footprint of AI in the daily lives of CISOs and CISOs is already significant. However, given the speed at which AI is advancing and its increasing adoption, extrapolating its role over the next 3-5 years remains uncertain. AI encompasses a variety of technologies such as neural networks, expert systems, machine learning and deep learning, each with different capabilities and uses yet to be explored.

In addition, the adoption of AI by attackers and defenders could lead to a new balance in cyber warfare. In the face of these impending changes and challenges, it is imperative that security professionals acquire the knowledge and skills needed to master this new technology and its derivative applications. This commission will provide an opportunity to discuss the specific risks associated with AI and the effective controls for managing them.

Moderated by Jérôme Saiz, Business protection expert - OPFOR Intelligence 

• Michel Cazenave, Regional CSO & CISO France, Monaco, Maghreb, PWC
• Patrick Ménez, Deputy Group CSO, Axa

Partner : 

• Cyril Voisin, EMEA Customer Security Officer Manager, Microsoft Security

Que savez-vous des récentes règlementations européennes en matière de crypto-actifs, gouvernance des données et Intelligence artificielle ? Quels sont leurs impacts sur vos activités ? Quelles opportunités offrent-elles ?

Rejoignez-nous pour une discussion stimulante et explorons ensemble les enjeux et les nouveautés que présentent ces textes, à intégrer dans votre stratégie et vos usages !

Avec : 

• Myriam Quéméner, Magistrate
• Garance Mathias, Lawyer, Paris Court

Cybersecurity is a crucial issue for digital sovereignty and critical infrastructure protection in Europe. The 2019-2024 mandate was marked by significant advances, such as the revision of the NIS Directive and the Cybersecurity Act, establishing a European cybersecurity certification framework, and work around the Cyber Resilience Act and the Cyber Solidarity Act, among others.

At the dawn of the new 2024-2029 mandate, it is essential to take stock of these achievements and discuss the challenges and priorities ahead. My talk will aim to shed light on these aspects, offering both a strategic and operational vision.

With : 

• Rayna Stamboliyska, Founder and CEO, RS Strategy