Conference Agenda 2025

Sycamore Ballroom

10:50 An Update on ENISA Certification Activities (J11a) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece

11:20 From Launch to Lift-Off: EUCC Start-Up Challenges and Scaling Operations for Full Compliance (J11b) Jose Emilio Rico, Cybersecurity Strategy Leader, DEKRA Testing and Certification S.A.U., Spain

11:50 Cloud Common Criteria Certification Considerations (J11c) Mike Grimm, Principal Security Program Manager, Microsoft, United States

Buckeye (First Floor)

10:50 Certification Strategies for Global Cybersecurity Compliance in IoT (T11a) Antonio David Vizcaino Gomez, Cybersecurity Technical Sales Manager, DEKRA, Spain

11:20 Assessing the Cyber RED-DA: Our Take on the Good, the Bad, and the Impact of EN 18031 (T11b) Nuria Carrio, Certification Technical Director, Applus+ Laboratories, Spain

11:50 The Impact of the Cyber Resilience Act on Different Industry Sectors (T11c) Raluca Viziteu, Security Consultant, Secura, Netherlands

Chestnut (First Floor)

10:50 Experience and Lessons Learned: Cybersecurity Compliance of Industrial Control Systems Base on IEC62443-4-2 Testing (D11a) Odei Olalde, Chief Technology Officer (CTO), Orbik Cybersecurity, Spain

11:50 Closing the Cyber Risk Protection Gap: A Call for Collective Action (D11b) Andreas Schmitt, Global Cyber Underwriting Manager, Zurich Insurance Company, Switzerland

11:20 A Positive, Comprehensive and Successful (so far) Multi-Referential Compliance (D11c) François Ehly, Senior Manager Compliance, Almond, France; Thierry Notot, IoT Cybersecurity Manager, Socomec Group, France

Sycamore Ballroom

Track Sponsor

13:20 Breaking New Ground: ITSEF’s Journey Through EUCC Accreditation and Authorization (J12a) Wei Yuan, Director of Operations, Applus+ Laboratories, Spain

13:50 Panel Discussion: EUCC Scheme—First Experience in Setting Up the Necessary Ecosystem (J12b) Leader: John Boggie, Sr. Director Head of Cybersecurity Certification, NXP Semiconductors United Kingdom; Panelists: Tyrone Stodart, Senior Principal Security Analyst, Oracle, United Kingdom; Ferenc Molnár, CEO, CCLab, Hungary; Sebastian Fritsch, Lab Manager/Head of ITSEF, Secuvera, Germany; Jasiek Tabeau, Project Director for Certification, Riscure, and Member of the SESIP Committee, GlobalPlatform, Netherlands [60 MIN]

Buckeye (First Floor)

13:20 State of Play of Security Requirements for EUDI Wallet and Interplay With the EU CSA (Regulation 2019/881) and EU CRA (S12a) Alban Feraud, Manager of Standards and Regulatory Affairs, IDEMIA, Belgium

13:50 From Development to Deployment: Ensuring Secure Variable Frequency Drives Against Cyber Attacks (S12b) Manju Venugopal, Product Security Leader, Rockwell Automation, United Kingdom

14:20 Importance and Challenges of Security Evaluations of Hardware-Based Security (S12c) Anders Olof Möller, Manager for R&D, DEKRA, Spain

Chestnut (First Floor)

13:20 One Principle to be Considered Before Developing New Certification Schemes (Y12a) Alireza Rohani, Certifier, TrustCB, Netherlands

13:50 Harmonising IoT Security: Lessons from Singapore’s Cybersecurity Labelling Scheme (Y12b) Edwin Sin, Senior Consultant, Cyber Security Agency (CSA), Singapore

14:20 Navigating EU Cybersecurity Regulations: Challenges for Smart Lock System Developers (Y12c) Marc Le Guin, Head of Evaluation Body IT Security, TÜV Informationstechnik GmbH, Germany

Sycamore Ballroom

15:20 New European Standard—Does a Cybersecurity Certification Scheme Fit into the Framework? (S13a) Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland

15:50 The Benefits of the EN 17640 Standard in the Harmonisation of the German and French Fixed-Time Certification Schemes (S13b) Jens Ziegler, Head of Division—BSZ, NESAS Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Yannick Moy, Head of ITSEF Licensing, Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), France 

16:20 Building Trust: Developing a Private Cybersecurity Certification Scheme for Cryptographic Modules under ISO/IEC 19790 (S13c) Jose Emilio Rico, Cybersecurity Strategy Leader, DEKRA Testing and Certification S.A.U., Spain

16:50 Navigating the Future of Security Compliance: An Introduction to OSCAL (S13d) Pirooz Javan, Chief Technology Officer (CTO), Easy Dynamics, United States

Buckeye (First Floor)

15:20 Requirements of the Cyber Resilience Act in Practice (R13a) Markus Engqvist, Lab Manager, atsec information security AB, Sweden

15:50 Assessment of Harmonised Standards for the EU Cyber Resilience Act (R13b) Omar Dhaher, Associate Director, Standardisation and Compliance Policy, DIGITALEUROPE, Belgium

16:20 Panel Discussion: Navigating EU Regulations—The Interplay Between RED, CRA, and EU Certification Schemes (EUCC and Beyond) (R13c) Leader: Jose Francisco Ruiz Gualda, Cybersecurity BU Director, Applus+ Laboratories, Spain; Panelists: Angel Moreno Rubio, Digital Policy Manager, TIC Council, Belgium; Nikos Mavrogiannopoulos, Product Security Program Architect, ASSA ABLOY Global Solutions, Czech Republic; Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece; Monique Bakker, Senior Expert EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure, Netherlands [60 MIN]

Chestnut (First Floor)

15:20 How SBOMs and Vulnerability Management Became Essential for Achieving Compliance (F13a) Massimo Ratti, Partner and Solutions Architect, Security Pattern, Italy

15:50 Understanding SBOMs in Real-World Systems—A Practical DevOps/SecOps Perspective (F13b) Andrei Costin, Assistant Professor / CEO / Co-Founder, University of Jyvaskyla / Binare.io, Finland

16:20 Polish Experience on the Implementation of EUCC (F13c) Jakub Dysarz, Cyber Attaché Digital Affairs Unit, Permanent Representation of the Republic of Poland to the EU, Poland

16:50 EUCC Scheme Lifecycle: The ISAC Maintenance Model (F13d) Pierre-Jean Verrando, Director General, Eurosmart, Belgium

Sycamore Ballroom

09:00 CRA from BSI Perspective (R20a) Sandro Amendola, Head of Standardization/Certification Department, Bundesamt für Sicherheit in der Informationstechnik, Germany

09:30 How Will IoT Applications Be Able to Build Upon a Security Resilient Eco-System? (R20b) Sandrine Pic, Security Programs Manager, Nordic Semiconductor, Norway

10:00 Will CRA Solve the Supply Chain Security or Create a Procurement Maze? An Assessment from an Industry Perspective (R20c) Arnaud Martin, Expert Cybersecurity Regulation and Standardisation, Agoria, Belgium

Buckeye (First Floor)

09:00 Strengthening ETSI EN 303 645: Insights from TIC Council’s Cybersecurity Hackathons (T20a) Jorge Wallace, Cybersecurity Technical Leader, DEKRA, Spain

09:30 Threat Model for Embedded Devices—EMB3D™ (T20b) Adam Hahn, Principal OT Security, The MITRE Corporation, United States

10:00 The Dark Side of Solar Energy (T20c) Erika Langerová, Head of Cybersecurity Research, UCEEB, Czech Republic; Jan Osenberg, Head of System Integration, SolarPower Europe, Belgium

Chestnut (First Floor)

09:00 ECCG Cryptographic Subgroup Update (A20a) Lucile Gallant Boisard, Cybersecurity Consultant, Internet of Trust, France

09:30 Preparation of Europe Against the Quantum Threat—How to Become Quantum Safe with PQC (A20b) Manfred Rieck, VP Individual Solution Development, Deutsche Bahn, Germany

10:00 On Certifying Post-Quantum Implementations at “High” Assurance Level (A20c) Markku-Juhani Saarinen, Professor of Practice, Tampere University, Finland

Sycamore Ballroom

11:00 CRA for Device Makers—How Can EN 17927 Simplify Regulatory Compliance? (R21a) Carlos Serratos, IoT Certification Expert, GlobalPlatform, Netherlands

11:30 Panel Discussion: Implementation of the CRA for Product Development in the EU (R21b) Leader: Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics, Belgium; Panelists: Chris Gow, Director, Cisco, Belgium; Patrik Palm, Director Product Security, Ericsson, Finland; Jan Eichholz, Head of MS Security, Giesecke+Devrient, Germany; Johan Klykens, Director CCB-Certification Authority, Centre for Cybersecurity Belgium, Belgium [60 MIN]

Buckeye (First Floor)

11:00 You’re Doing WHAT for Security?: Securing the Digital Enterprise with Open, Consensus-Based Standards (S21a) John Linford, Director, The Open Group, United States; Michelle Horrobin, Director, Digital Portfolio at The Open Group, United Kingdom

11:30 Panel Discussion: Bringing Cybersecurity into the European Software Market: An Opportunity or a Tough Challenge? (S21b) Leader: Davide Ariu, OWASP Italy Co-Chair, PLURIBUS ONE—OWASP ITALY, Italy; Panelists: Roland Atoui, Managing Director, Red Alert Labs, France; Roberto Cascella, CTO, European Cyber Security Organisation (ECSO), Belgium; Salvador Trujillo, CEO, ORBIK Cybersecurity, Spain [60 MIN]

Chestnut (First Floor)

11:00 Securing the Point of Interaction Terminal Yesterday, Today and Tomorrow (B21a) Jeremy King, Regional VP Europe Middle East Africa, Payment Card Industry Security Standards Council (PCI SSC), United Kingdom

11:30 NIS2 and Cybersecurity—Effective Strategies for Compliance and Risk Management (B21b) Ralf Kutsche, Cybersecurity Expert and Author, bkm consultants, Germany

12:00 Bridging the Cybersecurity Skills Gap: Driving Successful Implementation of EU Regulations with Certified Professionals (B21c) Jon France, Chief Information Security Officer, ISC2, United Kingdom

Sycamore Ballroom

13:30 Securing Railways: The Impact of Cybersecurity Standards and Certifications on Critical Infrastructure (R22a) Eddy Thesee, Vice President Product Cybersecurity, Alstom, France

14:00 Panel Discussion: Securing the Tracks—Navigating the NIS 2 and CRA in the Railway Industry (R22b) Leader: Amelia Alder, GRC Cybersecurity Manager, Knorr-Bremse, Switzerland; Panelists: Eddy Thesee, Vice President Product Cybersecurity, Alstom, France; Andreas Meyer, Chief Product Security Officer, Knorr-Bremse, Switzerland; Thomas Chatelet, Project Officer, European Railway Agency, France; Dominik Weidtmann, Procurement Rolling Stock, Deutsche Bahn, Germany [60 MIN]

Buckeye (First Floor)

13:30 Securing Europe’s Defence: Enhancing Defence Industrial Base Cybersecurity Maturity in the Face of New Defence Industrial Strategies (S22a) Krzysztof Swaczynski, CEO, SEQRED, Poland

14:00 Panel Discussion: What Should Be the Role of Basic Assurance and Self-Assessment in the CSA/CRA World? (S22b) Leader: Tony Boswell, Senior Principal Consultant, CyTAL UK Ltd, United Kingdom; Panelists: Constantinos Tsiourtos, Managing Director, KINEAS LLC, Law & Technology expert, Cyprus; Andreas Schmitt, Global Cyber Underwriting Manager, Zurich Insurance Company, Switzerland; Carolina Lavatelli, CTO, Internet of Trust, France; Fabrice Heiser, Senior General Manager, Brightsight by SGS, Singapore [60 MIN]

Chestnut (First Floor)

13:30 Security from the Start: The Financial and Operational Gains of Secure Software Development (F22a) Jeffrey Apolis, Principal Cybersecurity R&D Science and Engineering, Sandia National Laboratories, United States

14:00 Panel Discussion: How to Deal with Open-Source Software Used in a Product Under CRA? (F22b) Leader: Arnaud Martin, Expert Cybersecurity Regulation and Standardisation, Agoria, Belgium; Panelists: Mikael Barbero, Head of Security, Eclipse Foundation Inc., Spain; Jordan Maris, EU Policy Analyst, The Open Source Initiative, Belgium; Jean-Charles Verdié, Head of Devices/IoT Field Engineering EMEA, Canonical, France; Matteo Mole, Manager for Cybersecurity Technologies and Innovation, European Cyber Security Organisation (ECSO), Belgium [60 MIN]