Conference Agenda 2026

Ballroom A

10:50 Linux Kernel Security Assessment for CRA Compliance (F11a) Shubham Singh, Lead Engineer, Intertek Acucert Labs, India

11:20 Asset Flow Analysis (F11b) Lars Hanke, Senior Security Evaluator, Deutsche Telekom Security, Germany

11:50 Fast Common Criteria Assurance Continuity After Product Updates Finally Gets Real. How to Use Patch Management in ISO/IEC TS 9569 Efficiently. (F11c) Michael Meisser, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

Ballroom B

10:50 Meeting CRA With MITRE Emb3d (R11a) Nikos Mavrogiannopoulos, Product Security Architect, ASSA ABLOY Global Solutions, Czechia

11:20 Panel Discussion: CRA Implementation—Compliance via Harmonised Standards (R11b) Leader: Omar Dhaher, Associate Director, Standardisation & Compliance, DIGITALEUROPE, Belgium Panelists: Alexander Eisenberg, Head of Office EU Technical Market Access, BSH Home Appliances, Belgium; Simon Phipps, Vice Chair, TC CYBER EUSR, Standards & EU Policy Director, The Open Source Initiative, United Kingdom; Annegrit Seyerlein-Klug, Artificial Intelligence Organisation Specialist, intcube, Germany; Luis Miguel Vega-Fidalgo, Coordinator of International Cybersecurity Policy | DG CNECT, European Commission, Belgium [60 MIN]

Ballroom C

10:50 Becoming an EUCC CAB in a Member State With No Pre-Eucc National CC Scheme (S11a) Jussipekka Leiwo, Product Cyber Security Strategy Consultant, DNV Cyber, Finland

11:20 Competency Determination for CSA and Beyond (S11b) Dr. Helge Kreutzmann, Principal Advisor Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

11:50 Mobile Devices Compliance to the CRA through EUCC using ETSI CMD PP (TS 103 732 series)  (S11c) Boutheina Chetali, Security Certification Sr. Expert, Huawei Technologies, France

Ballroom A

13:20 Industrial Control Systems (ICS) Under the Cyber Resilience Act (CRA) (N12a) ICS
Anna Prudnikova, Head of International Cyber Security Services, Bureau Veritas Cybersecurity, Netherlands

13:50 Experience and Lessons Learned: Cybersecurity Compliance of Industrial Control Systems Base on Iec62443-4-2 Testing (N12b) Odei Olalde, Chief Technology Officer (CTO), Orbik Cybersecurity

14:20 The Spanish approach to NIS2 and CSA (N12c) Alma Aguilar, Adjunct to CCN’s Cybersecurity Director, Spanish National Cryptologic Centre, Spain

Ballroom B

13:20 Reality Check of the Reliance on EUCC Cybersecurity Certificate: the Case of QSCD Certification (S12a) Alban Feraud, Manager of Standardization and Regulatory Affairs, IN groupe, France

13:50 Panel Discussion: Building National Certification Schemes for the European Digital Identity Wallet—Challenges and Coordination Across the EU (S12b) Leader: Jose Emilio Rico Martinez, Cybersecurity Certification Leader, DEKRA Testing and Certification S.A.U., Spain; Panelists: Sander Dijkhuis, CTO, Cleverbase, Netherlands; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Rijksinspectie Digitale Infrastructuur, Netherlands; Johan Klykens, Director CCB Certification, CCB – Cybersecurity Centre Belgium, Belgium; Eric Vetillard, Lead Certification Expert, European Union Agency for Cybersecurity (ENISA) [60 MIN]

Ballroom C

13:20 CRA: From Theory to Practice (R12a) Jose Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain

13:50 Improving CRA Standardisation: Lessons Learned From TIC Council’s RED Delegated Act Hackathon (R12b) Dean Zwarts, Chair CACD WG (TIC Council) & Global Business Manager (UL Solutions), Belgium

14:20 Practical Implementation of Module H for Full Quality Assurance and EUCC Synergy (R12c) Pierre-Jean Verrando, Embedded Ecosystems: Data&Cyber Resilience, Eurosmart, Belgium; Philippe Proust, Security Director, Thales Group, France

Ballroom A

15:20 Implementing AI in High-Risk Applications: a Framework for EU AI Act and Cyber Resilience Compliance (L13a) Martin Ignatovski, CTO, Lightning Step, United States

15:50 Developing Your Own Local LLM (GenAI) for Cybersecurity GRC (L13b) Lee Yang Peng, Lead Cybersecurity Consultant, DACTA Global, Switzerland

16:20 Assurance in the AI Ecosystem: Security Assessment and Certification for AI Providers (L13c) Richard Rieben, Partner, Linford & Company, United States

16:50 Breaking the Evaluation Bottleneck: Practical AI Tools for Modern Security Certification (L13d) Sergio Casanova, CTO, Brightsight, Spain

Ballroom B

Track Sponsor

15:20 Strategy of a Security Technology Provider to Comply to European Cyber Regulations (R13a) Sylvain Guilley, CTO, Secure-IC, France

15:50 Harmonised Vertical Standards: Enablers of Effective CRA Implementation (R13b) Mohamad Hajj, Cybersecurity Solution Manager, Internet of Trust, France

16:20 Conformance Without the Complexity: a Roadmap for Regulatory Readiness (R13c) Carlos Serratos, Cybersecurity/IoT Certification Expert, GlobalPlatform, Netherlands

16:50 Navigating Uncertainty for NB: Strategies for CRA Readiness (R13d) Nuria Carrio, Cybersecurity Technical Director, Applus+ Laboratories, Spain

Ballroom C

15:20 Certification in the Face of Updates and Upgrades – an Outlook (S13a) Fabian Hodouschek, Head of Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

15:50 Building Cyber Resilience for Compute, Auto and IoT: Certification Strategies Under the EU Cybersecurity Act (S13b) Tomasz Wozniak, Hardware Security Certification Lead, Qualcomm

16:20 Beyond the Standard Wars: a Laboratory’s Universal Approach to Product Security Evaluation (S13c) Bill Yang, Fellow Security Evaluator, Brightsight, Netherlands

16:50 Criteria for Assurance in Developer Processes (S13d) Ingo Hahlen, Head of division CC Certification: Hardware, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Stefan Ropertz, Desk officer of the Division: Principles of Classified Information Bundesamt für Sicherheit in der Informationstechnik (BSI)

Ballroom A

09:00 Where Are We With the CRA Cryptography Requirements? (A20a) Markku-Juhani Saarinen, Professor of Practice, Tampere University, Finland

09:30 ECCG Cryptography Subgroup Update (A20b) Lucile Gallant Boisard, Cybersecurity Consultant, Internet of Trust, France

10:00 Security Evaluation Aspects of Cryptographic Implementations Supporting Hybridisation Including QKD and PQC (A20c) Guntram Wicke, Managing Evaluator Security Testing, Deutsche Telekom Security, Germany

Ballroom B

09:00 An Update on the EUCC Scheme (S20a) Philippe Blot, Head of Sector Certification, ENISA, Greece

09:30 Panel Discussion: EUCC Scheme—First Experience in Setting Up the Necessary Ecosystem (S20b) Leader: Ferenc Molnár, CEO, CCLab, Hungary Panelists: Rasma Araby, Managing Director atsec SE, atsec information security corporation, Sweden; Sebastian Fritsch, Head of ITSEF, secuvera, Germany; Richard Skalt, Advocacy Manager, Cybersecurity Office, TÜV SÜD, Germany; Graham Wallace, Managing Director, Senetas Europe [60 MIN]

Ballroom C

09:00 A CISO’s View on the CRA: Implementing Risk Methodologies at Enterprise and Product Scale (R20a) Sumit Chanda, Co-Chair, Charter of Trust, and COO Group Security and Business Lines CISO, Atos, United Kingdom

09:30 The EU CRA Program Implementation in Nokia (R20b) Fabio Vignoli, Head of Product Security, Nokia, Netherlands

10:00 100 Million Inputs or It Didn’t Happen! Effective Fuzz Testing for Embedded Software (R20c) Tobias Scharnowski, Research Lead Fuzzware, CISPA Helmholtz Center for Information Security, Germany

Ballroom A

11:00 Is There Something Wrong With Cryptography in Certified Products? (A21a) Vashek Matyas, Professor, Masaryk University, Czechia; Yasir Yakup Demircan, PhD student, Masaryk University, Czech Republic

11:30 Secure Boot and Key Management for Embedded Devices in the Post-Quantum Transition (A21b) Xin Qiu, Head of Aurora Networks’ PKI Center and Security Solutions, United States

12:00 Certifying the Uncertain: Cryptographic Assurance in the Age of Ai-Augmented Security Systems (A21c) Fouad Mulla, Lead, Cloud Security Architect, Arrow Electronics, Czechia

Ballroom B

11:00 Product Liability Meets Cybersecurity: Legal and Technical Challenges for Manufacturers (U21a) Amelia Alder, Counsel, Integrated Security Organisation, Switzerland; Andreas Meyer, Chief Product Security Officer, Knorr-Bremse

11:30 Panel Discussion: Bridging the Gap—EU Cyber Acts and US Cyber Regulatory Requirements (U21b) Leader: Eric Crusius, Partner, Hunton Andrews Kurth LLP, United States Panelists: Stuart Itkin, Chief Security Evangelist, FutureFeed, United States; Tom Tollerton, Principal, Forvis Mazars US, United States [60 MIN]

Ballroom C

11:00 German Experience Report: Implementation of EUCC (S21a) Sabrina Resch, Head of Division, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

11:30 Beyond Common Criteria: Lessons From Evaluation Practice for Europe’s Emerging Cyber Regulations (S21b) Marc Le Guin, Head of Evaluation Body, TUV Informationstechnik, Germany

12:00 I Assure You, It’s All Fine: Giving Attention to the Meaningfulness of EUCC Cybersecurity Certificates (S21c) Maurice Aarts, Senior Security Expert European Cybersecurity Certification, National Cybersecurity Certification Authority – Netherlands (NCCA) – Dutch Authority for Digital Infrastructure (RDI), Netherlands

Ballroom A

13:30 Unlock the Latest Updates on the CRA’s Vulnerability Handling Harmonised Standard (R22a) Angelo D’Amato, Founder / Cybersecurity Expert, Vulnir, Italy

14:00 Analysis of Vulnerability Management Process Implementation of Smart Connected Device (R22b) Massimo Ratti, Product Manager, Security Pattern

14:30 Converging Vulnerability Management and Risk Governance Under the EU CRA (R22c) Ritu Ranjan Shrivastwa, CISO, Secure-IC, France

Ballroom B

13:30 Beyond the Download Button: Managing Open Source Risk Under CRA (N22a) Augusto Velasco, CC Domain Cordinator, Fellow CC Evaluator, Brightsight, Spain

14:00 Panel Discussion: Standardisation Around the Cyber Resilience Act (N22b) Leader: Jordan Maris, EU Policy Analyst, the Open Source Initiative, Belgium Panelists: August Bournique, Special Rapporteur for Cyber Resilience Act Standardization, ETSI, Netherlands; Mohamad Hajj, Cybersecurity Solution Manager, Internet of Trust, France; Simon Phipps, Vice Chair, TC CYBER EUSR, Standards & EU Policy Director, The Open Source Initiative, United Kingdom; Daniel Thompson-Yvetot, CEO, CrabNebula, Malta [60 MIN]

Ballroom C

13:30 The New Managed Security Services (MSS) Certification Scheme (S22a) Philippe Blot, Head of Sector Certification, ENISA, Greece

14:00 Fixed-Time Cybersecurity Certification Under the CSA (S22b) Jonathan Gimenez, Policy officer – EU Cybersecurity Certification, ANSSI, France; Jens Ziegler, Head of Division—BSZ, NESAS Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI)

14:30 IoT – CRA Certification Scheme for BASIC Products (S22c) Johan Decock, Cybersecurity & Certification Expert, Centre for Cybersecurity Belgium, Belgium