2023 edition

In 2023, the tone is set by our Honorary Chairman, Sabrine Guiheneuf: Let's take it up a notch! Our industry is moving fast, very fast, and there's no slowing down in sight. The pace of attacks, the emergence of innovations, the rotation of teams, the profiles of attackers, the social and geopolitical environment... CISOs are under pressure, and more than ever they need to take a step back, to take the time to exchange views with their peers and partners: this is the role of the Assises, and this is the roadmap that the Steering Committee has defined for this new edition.

At the traditional opening conference, we'll be giving the floor to those who are structuring, innovating and anticipating, to give impetus to these 4 days of exchange and sharing.

With the intervention of :

• H.E. Mr. Pierre Dartout, Minister of State of the Principality of Monaco
• Jean-Philippe Lecouffe, Lieutenant General, Director of Operations, Europol
• Vincent Strubel, Director General, ANSSI
• Sabrine Guiheneuf, President of Assises, Director of Groupe Cybersécurité et Gouvernance IT URW and Director of CESIN

The shadow of the quantum apocalypse has been hanging over the heads of CISOs for some years now. We propose to share our perspective on the threat and, above all, to suggest strategies and plans to limit the risks. Recent technological news has also brought artificial intelligence to the fore, and in particular generative AI, raising new questions both in terms of new attack vectors and a new, data-hungry technology that also needs to be protected.

With :

• Eric Brier, VP, Chief Technology Officer Cyber Defence Solution, Thales
• Pierre Yves Jolivet, Vice President Cyber Defense Solutions business line, Thales

The emergence of cutting-edge technologies such as generative artificial intelligence and quantum computing is shaking up the cybersecurity landscape, particularly in retail and e-Commerce. These transformative innovations present both unparalleled opportunities and unprecedented challenges for businesses. We'll be looking at the impact of AI and quantum supremacy on cybersecurity. Guillaume Cécile, CISO at Carrefour Group and Michelle Zatlyn, President and co-founder of Cloudflare explore the new and ever-changing threat landscape and propose proactive strategies for securing the digital world in an age of technological upheaval.

With :

• Michelle Zatlyn, Co-founder, president, and chief operating officer, Cloudflare
• Guillaume Cécile, CISO, Carrefour Group
• Boris Lecoeur, Managing Director France,Cloudflare

André Manoukian describes himself as a pianist of Armenian-Cosmic origin, so the stage is set! He is also a songwriter, columnist and radio and TV presenter. During this talk, André Manoukian will tell us a story about music. Original and sensitive, peppered with anecdotes and great revelations, this "pianoté lecture" will be an opportunity to revisit the notions of intuition, management, pedagogy and of course... audacity!

With André Manoukian, pianist and creator

IKEA's success is based on simplicity, affordability and innovation. Is it possible to apply the same principles to cybersecurity? As threats and complexity increase, we need a radical new approach to information security. In this session, Amitai Ratzon, CEO of Pentera, will discuss such an approach, illustrating how DIY security validation, leveraging automation technology, is poised to revolutionize and simplify security validation at large. Using the example of an IKEA chair, Amitai will demonstrate how security teams can improve cyber preparedness to win the cyber battle without fighting.

With William Culbert, Director France Benelux, Pentera

Cisco accompanied the London 2012, Rio 2016 and Tokyo 2020 Olympic and Paralympic Games as an Official Network Infrastructure Partner. Building on these partnerships, Cisco will also deploy Cybersecurity infrastructures for Paris 2024. Together, these technologies will provide a framework of trust for all stakeholders in the Paris 2024 Olympic and Paralympic Games.

We'll be sharing this project and all the challenges and resources this event requires to deal with cyber threats. Also, we will discuss how Cisco is protecting itself in a context of strong digital transformation.

With :

• Franz Regul, Director of Information Systems Security, Paris2024
• Eric Greffier, Business and Technology Director, Cisco
• Anthony Grieco, SVP, Chief Information Security Officer, Cisco

There are undoubtedly as many sticking points as there are cyber risks at international level: laws and regulations to start with, then critical infrastructure management, or cloud and data governance between states. During this discussion, our speakers aim to: - Understand/map out this "cyber geopolitics" - Imagine the foundations of international cooperation fostering the sharing of intelligence and best practices - Define the fundamentals of coordinated incident response

Moderated by : Eric Domage, observer of B2B IT universes.

With :

• Thierry Auger, Deputy CIO and CSO,
• Lagardère Rayna Stamboliyska, CEO at RS Strategy & Digital EU Ambassador at European Commission
• Farid Illikoud, Group CISO & Digital Strategy Officer, Group Decathlon

Weak signals are a cybercriminal's best friend. Or their worst enemies. As cyber-attacks become more frequent and more complex, companies can no longer simply adapt, but anticipate. And it's by getting to grips with these weak signals that they can do just that: by detecting the business sectors affected, the methods used, the types of surface, the context, the mechanisms, the indicators... Cyber threat intelligence can become an attacker's worst nightmare. In this session, our speakers will explain how Threat Intelligence can padlock the door to attacks, even Friday night ones!

Moderated by : Jérôme Saiz, Corporate Protection Expert, OPFOR Intelligence

With :

• Julien Bachelet, Global CISO & Cybersecurity Director, Hermès
• Sabine D'Argœuves, Cyberdefense Manager, Danone
• Axel Castadot, National Crisis Director for Information Systems (DNCSI), SNCF
• Arnaud KOPP, Head of Coordination and Operational Partnerships Office (CPO), ANSSI

Digital Responsibility is an approach that aims to reduce the environmental impact of digital technology, while at the same time providing solutions for reducing the carbon footprint of business activities and acting on the social and governance impact of digital use. This approach is increasingly present within organizations, as the IT sector currently accounts for between 1.8% and 2.8% of the world's carbon footprint, and this figure is rising by 9% a year (Source: Forrester, Ready for IT 2023 conference). So we can no longer look the other way.

Moderated by Sabrine Guihéneuf, Group Director Cybersecurity and IT Governance URW and Director of CESIN

With :

• Pierre-Luc Refalo, VP - Head of Group "IT & Cyber Security" Audit, Capgemini
• Marie Ait Daoud, Green IT Manager - DSI Groupe VINCI
• Andrada Dugan, Innovation & Sustainability Director, ISS France

When an ethical hacker is commissioned by a company to assess the risks to which it is exposed, he doesn't just have his computer keyboard as a tool. He may also have a lock-picking kit found for less than €20 on a well-known marketplace. Physically, the door can be broken into, as can the intelligence we now put into buildings. On the other hand, a cyber-attack can have direct physical consequences, blocking the door you wish to open. Should the CIO take this issue head-on, and if so, how? How can we draw inspiration from the smart city, the cradle of intelligent buildings, to better understand the heterogeneity of their vulnerabilities and secure them?

Moderated by Annick Rimlinger, Director of Safety-Security, Cyber & DataProtection, Aéma Groupe

With :

• Frank Van Caenegem, VP Cybersecurity, CISO EMEA, Schneider Electric | Board member, CESIN
• Brice Augras, President and Founder, BZHunt
• Victor Poucheret, Associate Technical Director, BZHunt
• Amaury Pitrou, Co-founder & Managing Director Smalt - Bouygues Construction

French industry accounts for 13% of GDP (source: franceindustrie.org), and the government's plan to reindustrialize the country should boost this figure even further. The sector, already subject to an intense pace of innovation, is increasingly exposed to (and even dependent on) international networks, multiplying cyber risks exponentially. But this innovation is also backed by an infrastructure that is often outdated or obsolete, making it more susceptible to attack by malicious international groups. The good news is that Industry 4.0 is boosting the economy and jobs, but it is also increasing the surface area and stakes of attacks, with the immediate risk of costly disruption. Industrial security must imperatively be in real time, and this is what our speakers, inspired by *Churchill, will set out to demonstrate.

Moderated by Sabine D'Argœuves, Cyberdefense Manager, Danone

With :

• Sabri Khemissa, Group ICS/OT Cybersecurity Manager, Imerys
• Bertrand Aït-Touati, Industrial CyberSecurity Program Director, Suez
• Thierry Manciot, Head of Cyber Security for network and Manufacturing & Supply, Sanofi

Dive into the challenges of misinformation. This round table will highlight emerging methods of online manipulation and their implications for digital security. Cybersecurity professionals are under increasing pressure to counter these disinformation strategies. Collaboration and intelligence sharing are essential to build a robust, legal and ethical defense. We will also examine future trends and the vitality of innovation in the fight against information manipulation.

Moderated by Véronique Loquet, PR cybersecurity specialist

With :

• Nathalie Devillier, Founder of Influence Cyber and expert for the European Commission
• Bogdan Bodnar, cyberwar journalist
• Laurent Bloch, formerly head of scientific computing at Institut Pasteur, Director of Information Systems at Université Paris-Dauphine

Already present in many cyber domains, AI has made a dramatic entry onto the CISO agenda in recent months. Whether used for defense purposes or by attackers, or as part of a company's new strategies, CISOs must now come to terms with this new paradigm. How can they cope? Should security policy be modified? What new skills are needed on the cyber team? How can it be better used for cyber defense? How should our SOCs and risk analyses evolve?

Moderated by Alain Bouillé, CESIN General Delegate

With :

• Vincent Lefret, CISO & Cybersecurity Manager, Système U
• Olivier Ligneul, Cybersecurity Director, EDF Group
• Arnaud Martin, Chief Information Security Officer, Groupe Caisse des Dépôts
• Nathalie Devillier, Founder of Influence Cyber and expert for the European Commission

For several years now, the number of cyber attacks has been exploding, and they are becoming increasingly serious. Faced with this risk, institutions are clearly advocating the filing of complaints. Indeed, without filing a complaint, there is no visibility of the phenomenon, and without visibility, there can be no policy to combat it. This round table aims to tackle the subject from several angles: the judicialization seen and expected by institutions, the reality on the ground from the point of view of target economic players, and the concrete case of a large-scale organization that has offered the community a set of reflex cards and best practices.

Moderated by Loïc Guézo, Vice-Chairman of Clusif and Lieutenant-Colonel (RC) attached to the Gendarmerie's cyberspace command.

With :

• Cyril Tesser, Director of Information Protection, La Poste Group
• Eric Freyssinet, Brigadier General, Senior Cybercrime & Cybersecurity Advisor, Gendarmerie Command in Cyberspace (COMCYBERGEND)
• Sébastien Blard, CISO of a major French industrial group
• Aurélien Diche, Cybercrime Assistant, Section J3 - JIRS - JUNALCO - Cybercrime, Parquet du tribunal judiciaire de Paris

Businesses and public authorities have organized themselves in response to the growing threat posed by numerous ransomware attacks and espionage campaigns. The post-Covid economic and geopolitical context in Ukraine has prompted the authorities to tighten regulatory obligations for critical and sensitive information systems (NIS2 Directive, LPM), as well as for specific sectors (Dora, Network Code, etc.). Some companies are witnessing the emergence of a "regulatory mille-feuille", which can lead to duplication of reporting, monitoring and coordination activities, combined with a surfeit of requirements whose cost could be prohibitive for their business model.From now on, cybersecurity departments and CISOs will need to define an in-depth strategy for controlling the main business risks, for complying with internal and regulatory standards, and more generally for positioning the cybersecurity requirements they place on their company's organizations at the right level. The EBIOS club invites you to take part in this interactive workshop in the form of a round-table discussion. Two major groups and ANSSI will share their thoughts and share their own approaches.

The following questions will be addressed: what commitment should senior management make to cyber requirements (strict necessity vs. broad risk coverage)? What approach should be taken to risk coverage (multi-annual risk analysis plan, funnel strategy based on an initial macro-risk analysis, etc.)? How can we manage our relationship with the various authorities that have an impact on corporate governance? REX on our failures and successes in terms of governance and risk acceptance? What impact will NIS2 have on 2024?

Moderated by :

• Maricela PELEGRIN-BOMEL, National Information Systems Security Manager, ETABLISSEMENT FRANÇAIS DU SANG
• Lionel Vodzislawsky, Club EBIOS Administrator.

With :

• Fabien Galle, CISO, ASTEELFLASH
• Jean Baptiste Stuchlik, Director of Cybersecurity, Consumer and Digital Division, LA POSTE
• Christophe Floch, CISO, DASSAULT AVIATION
• Mathieu Couturier, Deputy Head of Division, Digital Security Management, ANSSI

20 years is both a long time and a very short time. Very little, because cyber is still at the beginning of its history, and a lot, because it has already accumulated so many habits and reflexes. In an innovative format, the Assises Editorial Committee is proposing a closing "exercise": a session from which everyone should emerge with a lighter spirit - and lighter methods! Here, we shake up our habits, dust off old reflexes and keep only what is really useful to the CISO's roadmap. During the 23rd Assises de la Cybersécurité, we filled up on ideas, contacts and partnerships, so let's make room for them and cast off!

Moderated by Giles Fontaine, Editor-in-Chief, Challenges

With :

• Loïs Samain, CISO, EDF Hydro and Co-founder of ComptoirSecu Podcast
• Michel Cazenave, Regional CSO & CISO France, Monaco, Maghreb, PWC
• Stéphane Joguet, Global CISO, Sephora
• Sabine D'Argœuves, Cyberdefense Manager, Danone

You've just arrived, the opening conference is over and you're thinking "where on earth can I go?"

Don't worry, I'll explain everything! From best practices to organizing your agenda, from party management to a better view of the Grimaldi Forum venues, the idea of this session is to get together with new guests, answer any outstanding questions, share your thoughts and help you have a great Assises!

With Lois Samain, CISO, EDF Hydro and Co-founder of ComptoirSecu Podcast

Cybercriminals devote the first stages of every attack to reconnaissance. In this workshop, we'll be carrying out OSINT research on large groups to detect the physical, human and cyber vulnerabilities that can be employed by malicious groups in complex attacks.

With Sylvain Hajri, OSINT and cybersecurity specialist, Founder of Epieos, co-founder of OSINT-FR

Marie de Fréminville, President of Starboard Advisory and author of the book "La cybersécurité et les décideurs" (Cybersecurity and decision-makers), will draw on her experience as a member of the AIRBUS Group's senior management team, as well as her coaching of company executives, to help us understand how cyber risk is perceived at Comex and Board level - what are executives' concerns? What are their expectations, and what information do they need to make the right decisions?

Moderated by Paul Lemesle, Chief Information Security Officer, Groupe Lactalis

With :

• Marie de Fréminville, President Starboard Advisory

CEO of GYS, a Mayenne-based ETI specialized in battery chargers and soldering stations, Bruno Bouygues has been supporting the profound transformation of his company over the past few years. He will share with us how he perceives cybersecurity in his different activities - R&D and product (a soldering station embeds 1.2 million lines of code), connected objects, etc.

Moderated by Paul Lemesle, Chief Information Security Officer, Groupe Lactalis

With :

• Bruno Bouygues, CEO, GYS

The NIS 2 directive will be applicable in France, as in the rest of the EU, by October 17, 2024 at the latest. This text imposes numerous obligations in terms of cybersecurity, with significant penalties. Which entities are subject to NIS 2 (companies, administrations... and their service providers)? What are their obligations? What role will the CISO/FSSI play?

With :

• Garance Mathias, Partner, Mathias Avocats
• Cynthia Chassigneux, Lawyer, CHX Avocats inc.