8:30 Coffee
9:30 Opening
Raef Meeuwisse - ISACA & Cyber Simplicity
9:45 Keynote: Why 3 lines of defense is not fit for digital innovation
Lokke Moerel - Cyber Security Raad
10:15 Keynote
Sir Rob Wainright - Deloitte
10:45 Coffee Break
11:15 From the basement to the boardroom
Stef Schinagl - VU
Peter Jacobs - McKinsey & Company Discussion
Lokke Moerel - Cyber Security Raad
Compliancy by Design
Astrid Karsten - Prowareness
11:45 Changing rooms
11:55 Implementing The Lessons From A Major Cyber-Attack
Stéfan Huyveneers - Maersk
Peter Kanbier & Aaldert Hofman - Schiphol Group Frans Leurink - 3D GeoSolutions en gloBld When Cloud meets Connectivity
Bart Oskam - Eurofiber
12:25 Changing rooms
12:35 Peter Kornelisse - EY Digital Transformation & Cyber Resilience
Deepinder Chhabra - ISACA London Chapter
Wilco Lourens / Albert de Koning - KPN Martijn Groeneweg - dmarcian Europe [TBA] [TBA]
13:05 Lunch
14:15 [TBA] Milena Milicevic Aida Demneri - Deloitte Blockchain: A Tool for Risk Management
Josina Rodrigues - Blockchain SVCS
[TBA] Fokke Jan van der Tol - Data Governance Consult
14:45 Changing rooms
14:55 Information Security Risk Management: Less Is More!
Jolanta Kulicki - Royal HaskoningDHV
Gideon Haan - Hogeschool Saxion Risk in Focus 2020
Peter Hartog - IIA
Networked Risk Management
André Smulders / Mark Buningh - TNO
15:25 Changing rooms
15:35 Beyond Russian hackers - Moscow's cyber landscape
Alex Bodryk - ISACA Moskow Chapter
Information Security risks and benefits when using Cloud Computing
Jenny Boneva - ISACA Sofia Chapter
Koen Gijsbers - NATO Official, Major General (RET) Anne-Marie Twigge [TBA] [TBA]
16:05 Coffee Break
16:35 Keynote
Yfke Laanstra - Futurist
17:15 ISACA Award
17:45 Wrap Up
Jos Maas - President ISACA NL Chapter
Raef Meeuwisse - Chairman of the day - ISACA & Cyber Simplicity
18:00 Drinks & Dinner

Main Sponsor Risk Event

The Risk Event is made possible by:


ISACA NL is het Nederlandse Chapter of
Chamber of commerce: 40412008


About het Risk Event

ISACA NL organizes the annual Risk Event. With a wide variety / diversity of speakers and different main streams; Business risks, IT security risks and innovation and technical risks. Each stream contains different seminars, where the participant can choose the program that best suits his wishes and interests.

Prof. Lokke Moerel, Cyber Security Raad

Why 3 lines of defense is not fit for digital innovation

The new digital technologies (and in particular artificial intelligence, AI) enable many new services that disrupt existing business models. The new business models in turn present new privacy issues and ethical dilemmas, and societal resistance to the excesses of the new data economy is becoming increasingly visible and urgent. It is a challenge for established companies to both drastically innovate in order to remain future-proof and at the same time take social responsibility. Research by MIT Sloan CISR (2019) reports that U.S. listed companies that have a digital savvy board show substantially better financial performance. What is a digital savvy board? What are the differences between the old and the new world? What are the new ethical dilemmas and how do you prevent making the same mistakes as Big Tech? Why does innovation fail so often within the existing structures of established companies? If innovation is better achieved in small and agile teams, how does this fit into the command and control structure of compliance-driven organizations, such as financial institutions? How do we ensure a more balanced discussion of the risks of implementing new technologies, which include risks if the company does not innovate? And why does the 3 lines of defense model for risk management insisted on by supervisory authorities has an inhibitory effect on innovation in practice? We will discuss how to navigate the new world and to ensure AI for the Good.

Leading global expert on new technologies and cyber, with proven track record on shaping frontier global AI projects, combining global data assets of multinationals in the financial services, health care, technology and recruitment sectors with the deep mind technologies of U.S. tech giants to create next generation AI solutions.
Senior of Counsel with the leading global technology law firm Morrison & Foerster (Berlin), Professor of of global technology & law at Tilburg University, member of the Dutch Cyber Security Council (the advisory body of the Dutch cabinet on cybersecurity), expert on cyber of the European Commission’s Horizon2020 Innovation Program and member of the Monitoring Committee of the Dutch Corporate Governance Code.
Lokke received the 2018 International Law Office Client Choice Award for Best Internet & Technology lawyer Germany and the 2018 Acquisition International Global Excellence Award for Most Influential Woman in Data Protection Law.

Sir Rob Wainwright, Deloitte

Sir Rob Wainwright is a senior partner at Deloitte North South Europe, working within the firm’s global cyber security and financial crime practice. He previously served as Executive Director of Europol, the European Union law enforcement agency, for almost a decade. Here he helped established the European Counter Terrorism Centre and the European Cybercrime Centre, and led the transformation of Europol into a world-class security institution. Sir Rob has had a 25-year career in intelligence, policing, government, EU and international affairs, including at the Serious Organised Crime Agency, National Criminal Intelligence Service and the British Security Service. In June 2018 he was awarded a Knighthood by HM The Queen for his services to security and policing. He has worked across a range of pioneering security solutions in technology, data and intelligence operations, including driving new public-private initiatives on cyber security and financial crime in banking and other sectors through the World Economic Forum (WEF) and Institute of International Finance. Sir Rob is also a Board Member of the WEF Centre for Cyber Security and the Global Cyber Alliance.

Stef Schinagl, VU

From the basement to the boardroom: Organizing security in the digital age.

Organizations are confronted with an increasingly dynamic environment in which technology plays a central role. In his research, he looks at the impact of this digital development on the way security is organized. To survive in the digital age, organizations must change. The need for change is seen but all too often denied, underestimated or forgotten. In his presentation he aims to provide a forecast to this change from a theoretical point of view; learning from “High Reliability Organizations” and he delves deeper into the obstacles that keep organizations from transforming.

Stef Schinagl combines his professional career as an information security & privacy consultant with a PhD research at the VU. He likes to share the first results of his research after interviewing 40 CISOs within large Dutch organizations. Security takes a different position within the digital world. Organizations must change to survive. But why doesn’t this happen naturally?

Astrid Karsten, Prowareness

Compliancy by Design - Ensuring compliance in an Agile organization

To guarantee an agile transformation, it is important to think about various themes such as technology, talent development and compliance. But how do you connect compliance and (working in) agile teams? What is “Compliancy by Design”, can it offer a solution and above all; how do you get started with it? Astrid takes you through these questions in an interactive session so that you can immediately take the next step in your organization.

Astrid Karsten is an experienced Agile Consultant. She supervised for example various transformations at KPN, Vitens, Rabobank and the KNVB, among others. In addition, she regularly speaks about Agile, change management and personal leadership. She recently bundled her hands-on experiences, together with three other consultants, in the book “Agile Transforming – A practical approach for structurally accelerating and making organizations agile”

Stéfan Huyveneers, Maersk

Implementing The Lessons From A Major Cyber-Attack

On Tuesday 27 June 2017, A.P. Moller – Maersk was one of many global companies to be hit by a malware later known as NotPetya. This presentation will discuss the event as it happened and the lessons learned. It will discuss the cyber attack, corporate communication, root cause analysis, financial impact, cyber risks and lessons and the new attack surface on digital and OT.

Stéfan Huyveneers joined Maersk in November 2014 and is in his current role he is responsible for delivering high-quality Cyber Security consultancy within Maersk Technology across all brands of AP Moller-Maersk. Prior to joining Maersk, Stefan was a Manager New Technologies & Security and before that IT-auditor at PwC. He is a tech savvy professional with broad and deep experience in security, risk, project management and audit.

Bart Oskam, Eurofiber

When Cloud meets Connectivity - On the irreversible and irresistible convergence of digital infrastructure

In this session, Bart will share his views on how 5G, cloudification, edge computing and software defined connectivity are converging towards intelligent, application-aware, ubiquitous, (secure?), digital platforms. 

Bart Oskam (1966) is a management consultant and former member of the board of directors of Eurofiber Group. Before joining Eurofiber, Bart worked as a senior manager at KPN, BaByXL and Tiscali. He is extremely optimistic about the importance of telecom and digital infrastructure for achieving technological, economic and social progress.

Deepinder Singh Chhabra, ISACA London Chapter

Digital Transformation & Cyber Resilience

We are on the verge of 4th revolution. Digital transformation is disruptive. Digital Transformation is driving the explosion of applications within an enterprise. The race to digital transformation is driving the speed. New business models are being developed. At the same time the number and intensity of cyber breaches are increasing. We Cybersecurity, Governance, Risk and Compliance/audit professionals have no choice but to adapt and innovate. How can we do it? What options are available to us? Attend this session to find out more.

Established Chartered IT Governance, Risk, Security and Compliance Professional. Experienced in managing risk and security at transnational level. Self-motivated with strong determination to achieve targets and deliver security projects to add value to Business.

Jolanta Kulicki, Royal HaskoningDHV

Less Is More: Information Security Risk Management

Organizations want to work and provide (digital) services in a world of open communication via the Internet, cloud, mobile working and mobile devices which means we take the issue of protecting our data and privacy very seriously. If we can reduce security risk we will reduce business risk! This means understanding and managing security risk is a core element of sustaining a secure business environment in digital business transformation, that requires businesses to not only think of security as a business risk, but to act on this too. However, managing risk can create an administrative and bureaucratic nightmare as no one within an organization understands it. Therefore, her motto today is: ‘Less Is More’. During the presentation, Jolanta will provide you some practical tips for business oriented and pragmatic security risk management.

Jolanta Kulicki is Royal HaskoningDHV’s Corporate Information Security Officer. Jolanta is allocated in the office at Amersfoort and has responsibility for the company’s information security, including cyber security. Jolanta provides management direction for information security in accordance with the business requirements, as well as keeping up to data with the relevant laws and regulation. Jolanta also has previous experience in Civill Engineering, Consulting services, Health insurance and Information (Security) Management.

Peter Hartog, Manager Professional Practices @ IIA Nederland

Risk in Focus 2020 - Hot topics voor Risicomanagement en Internal Audit

Together with 7 other European Institutes for Internal Auditors, IIA Netherlands has identified the 10 most impactful risks of 2020. These are based on a survey and interviews of more than 500 Chief Audit Executives.
The report provides you a guide for analyzing the risks in your organization and is therefore a practical tool to focus your activities on the most important risks for your organization.
The presentation will explicitly address the questions that the risk manager and internal auditor should ask themselves and the organization. And thus offers you targeted tools for evaluating the specific risks in your own organization.

Peter Hartog works on developing and sharing knowledge and good practices in the broad field of internal auditing. Before that, he worked for 25 years as an external consultant in the areas of management control, risk management and internal audit, at KPMG and ACS. He is the author of many publications and an experienced teacher (including at the Erasmus School of Accounting & Assurance). He also has experience as a Compliance Manager and Risk Manager.

Alex Bodryk, ISACA Moscow

Beyond Russian hackers - Moscow's cyber landscape

  • Russia in Digital – brief overview or Russian digital economy and its key players (unicorns, digital government and so).
  • Regulation – expanding to Russia, what to expect from security regulation point of view when you are working for a bank, FMCG manufacturer or have to process a lot of personal data.
  • People – where ‘hackers’ live, how they are paid and whom they protect in Russia and beyond.
  • Technology – Russian cybersecurity tools and vendors landscape, excluding local compliance-focused ones, from globally recognized (Kaspersky-like) to new faces in trending product categories.

Alex Bodryk, CISA, ITIL Expert is a cybersecurity specialist with 10 years experience serving major corporations in cybersecurity sphere (up to 180 000 seats). During his career he took part in projects within SOC, threat intelligence, DevSecOps, identity management and security awareness domains as a client, vendor, VAR, TI and MSS provider.

Jenny Boneva, ISACA Sofia Chapter

How the Cloud challenges Information Security aspects in the digital transformation era - Information Security risks and benefits when using Cloud Computing

One of the goals of digital transformation is to use new and fast-changing digital technologies to solve business problems. To gain competitive advantage, optimize resources or increase efficiency via automation are just few examples of why the business focuses and puts priorities on the digitalization.
IT modernization such as using Cloud Computing supports innovation and creativity by enabling flexibility when business and technical operational models are changed, but at the same time exposes the business to a new variety of Information Security (IS) challenges. Our session will be focused on IS risks and benefits when cloud solutions are used.

Jenny Boneva is an Information Security (IS) consultant and also working as Vice President of ISACA Sofia Chapter.
In 2019 Jenny was awarded as one of Europe’s 50 most influential women in Cybersecurity by SC Media UK.
She has more than 14 years of IT and IS experience.