Program     |     Speakers     |     Registration     |     Sponsors     |     Location     |     Contact



Bjørn Watne is closing on two decades of professional experience working with Information Security, and is currently employed as CISO for the Storebrand Group – delivering services within banking and insurance for the Scandinavian market. Previous to joining the financial sector, Watne held numerous positions within telecoms as well as working as a consultant with different industries.

He has his BSc in Computer Science from Agder University in Norway, and an MBA from ESCP in Paris, France. Professional certifications include CISSP and ISSMP from (ISC)2, and CISA, CISM, CRISC and CGEIT from ISACA, where he currently sits as Immediate Past President, and Director of International Relations for the Norway chapter.

"The Subtle art of Sourcing"

How to manage risks involved with 3rd parties running your systems.

How most businesses are run have changed dramatically over the years. The age of the do-it-all-inhouse megacorporation are gone, and everywhere we see both private companies and public offices becoming more specialized around core functions - leaving multiple partners and vendors to take care of the rest.

This distributed model and complex value chains can prove a risk to the company if not managed properly. In order to minimize risk and ensure there is a solid foundation to build a partnership upon, it is of uttermost importance that necessary preparations are done in advance. Buyers competence and the Sourcing process might be underway to become one of businesses most important function, going forward.


Bruno Horta Soares, CISA®, CGEIT®, CRISC™, PMP®, LEGO® Serious Play®  has 18 years of IT Professional Services experience, particularly in areas related with Governance and Management of Enterprise IT, Security and Digital Transformation. He devotes enthusiastically to advising, teaching and training professionals and Organizations, collaborating with a network of partners, specially IDC Portugal where he’s Executive Senior Advisor. He teaches in different university Executive Programs, he’s the founder and President of the ISACA Lisbon Chapter and keynote speaker at various conferences and seminars, having been selected in 2019 as the recipient of the ISACA John Kuyers Award for Best Speaker. He has a 5 years degree in Management and Computer Science, a post-degree in Project Management and the professional certifications CISA®, CGEIT®, CRISC™, PMP® and LEGO® Serious Play® Facilitator.

"Govern Artificial Intelligence or be governed by it"

The new nature of risk

Digital transformation has significantly changed organizations' risk tolerances and exposure to risk. AI, IoT, automation, and connected ecosystems bring a broader risk exposure to all organizations. At the same time, regulations, publicity, fines, and costs force risk tolerances lower, requiring new thinking, priorities, and vigilance. At the core of everything is Information! Improving the Governance and Management of Enterprise Information and Technologies can’t wait! Emerging technologies in general and artificial intelligence in particular requires new thinking in security, privacy and risk management and COBIT 2019 is right there to support you.


richard hollis

Richard Hollis

Cyber Security & Data Privacy Expert
Richard Hollis is the Chief Executive Officer for a London-based, European cyber security consultancy firm called Risk Crew specialising in data security risk management and testing services.
Richard possesses over 30 years of “hands on” skills and experience in designing, implementing, managing and auditing information security risk management programs.
Over the course of his career Richard has served as Director of Security for Phillips, Paris, and Deputy Director of Security for the US Embassy Moscow Reconstruction Project as well as a variety of sensitive security positions within the US government and military. In addition to his work with the Risk Crew, Richard serves on several security technology company boards and security industry advisory councils.
Richard is a celebrated public speaker and seasoned ISACA CISM, CRISC, CSX and Cybersecurity Audit certifications trainer. Richard has presented to hundreds of audiences across the world on a wide variety of information risk management topics and techniques. As a recognised industry authority, he has published numerous articles and white papers and appeared on national and international broadcast news shows as well as being cited in a wide range of press including the BBC, MSNBC, Radio 4, the Financial Times, Time magazine and various others.


The Org Chart

Cybercrime is big business. Traditional organised crime groups such as the Cosa Nostra, Yakuza, Chinese Triads, as well as Russian and Nigeria gangs have all opened “cyber” divisions. Additionally, new transnational syndicates like the Russian Business Network, ShadowCrew and Superzonda have risen to capture the opportunities in next generation crime.
The World Economic Forum estimates that transnational organised cybercrime gangs rake in more than $2 trillion a year in profits. To achieve this, they organise themselves like a business locating their headquarters in jurisdictional safe havens free with corrupt or weak governments free of extradition. They implement cutting-edge business practices straight out of Wharton or Harvard Business School textbooks to ensure a return for their shareholders formalising department heads, divisions of labour, product delivery and testing, sales, marketing, consultant and supply chain management through to customer feedback.
To understand the power and professionalism of today’s cybercriminal organisations, we need only take a good look at its org chart. This presentation deconstructs the modern cybercriminal organisation reviewing the roles, responsibilities and reporting lines associated with 12 key positions in an established CyberCrime.com business. Additionally, it presents the key roles in a cybercriminal “start-up” business to ensure its success.
The content of this presentation is based on over 20 years of open-source and dark web available material along with publicly available law enforcement case documentation. The presentation is devoid of commercial content.

Josina Rodrigues

Josina is a blockchain advisor and the first holder of a blockchain Ph.D. in Portugal (according to Renates). Before starting as an investigator in 2016, she worked for over 20 years in the corporate world as a Marketing & Finance Director and as a Consultant & Advisor for several enterprises. She is currently a Blockchain Consultant & Trainer at Blockchain SVCS, as well as a lecturer and advisor at various institutions.

Presentation on Blockchain Risks
(More info coming soon)


Anne-Marie Twigge

Creative Director & Strategist Anne-Marie utilises creativity in proposition development for growth as Creative Lead in global projects. Pushing boundaries beyond the common and a keen professional who involves disassociated disciplines like conceptual arts, behavioural psychology (certified behavioural designer), economics, tech (certified growth hacker) and brand communications as interconnected knowledge hubs. Anne-Marie graduated with BA in Business Administration and an MA in Artistic Research in The Netherlands. She has called Shanghai, Mumbai, New York, and Amsterdam home launching numerous successful companies and projects as a founder as well as a freelancing independent for corporates, (social) enterprises and non-profits. She is also Advisory Board Member of UN Women Netherlands.

Attention: The “looks” of a Risky Business

How design aesthetics impact human perception of security and risk in digital products.

How users perceive the trustworthiness of information systems is not trivial, in fact, if a user cannot trust technology to execute commands on their behalf, then the user will not run it. Yet, if a user is overfamiliar with a system it may not quickly notice changes that could imply that the system is a false system aimed to deceive the user.

When one conceives a new system with the aim of managing risk one could over occupy oneself with the programmatic technology itself, i.e. the code, the encryptions, the connections.  However, how does one keep in mind and thus manage fraud that can rapidly occur by the simple act of “peeling off the face” of a digital product or service and copying that frontend to another backend playing on biases that increase acceptive behaviour and diminish perceptual signs of risk. The level of trust that is placed in the information technology and software systems depends on the experience and interactions a user has in functionality and usability; both heavily relying on aesthetics.

Designing in environments aimed to mitigate risk, begs the questions:

  • How important is visual design in the business of risk management when digital information systems are utilised?
  • How does the experience of design impact our cognitive evaluation of something as trustworthy or not - particularly when dealing with technologies instead of humans?
  • What learnings can be shared when building an identity for a secure digital proposition?
  • Can design help you control behaviour and increase success metrics for compliance in a digital environment?