Innovation in the cybersecurity field: what will the next game changers be?

From 4:30 pm to 7:00 pm

Technological progress in the cybersecurity field is very swift. Innovation is at the very core of this evolution. But will today's innovations be tomorrow's game changers? Which technologies will ensure tomorrow's cybersecurity across the entire cybersecurity chain, from anticipating threats to responding to incidents? And, on the other hand, which ones will only be met with limited success? Is it only possible to know that in advance? Similarly to artificial intelligence, which is now being used by attackers, what new risks can technological advances induce? Given that technologies can be misused with malicious intent and backfire on their creators, should they be seen as allies or enemies? Behavioural analysis, automation and orchestration, threat detection, risk analysis, remediation: what will the technology landscape in the cybersecurity field look like in 15 years?
In association with
5:00 pm - 5:05 pm
OPENING SPEECH by Alain BOUILLÉ, General Delegate of CESIN

5:05 pm - 5:25 pm
on "Surveil, Predict, Control -- Repeat"

5:25 pm - 5:45 pm
DEBATE with Zeina ZAKHOUR, Global CTO, ATOS; Thierry AUGER, CISO Lagardère Group; and Florent KIRCHNER, Head of Department at CEA
on "Innovation in the cybersecurity field: what will the next game changers be?"

5:50 pm - 6:00 pm
FIC PARTNER KEYNOTE, by James Alliband, Senior Product Marketing Manager, VMware

"When the pandemic exposed the cracks in our security posture"
"Months into the Covid-19 pandemic, we accelerated our digital transformation programs with one thing in mind: setting up a remote workforce of the future. Now with 40% of employees choosing a remote work future one thing was for sure, our legacy security posture wasn’t going to be up to the task. Ransomware, supply chain attacks, critical infrastructure on its knees are just some of the examples of where the bad actors have been getting ahead of the game. Join me where I will talk about the evolving threat landscape and explain why its paramount to ensure your security strategy is tightly integrated with you digital transformation program."

6:00 pm - 6:10 pm
FIC PARTNER KEYNOTE, by Boris LECŒUR, France Director, Cloudflare

"SASE from myth to reality, a pragmatic approach with Cloudflare"
"The Internet has become the new corporate network, which requires technologies to secure and facilitate new post-Covid-19 usages. Applications are now hosted everywhere: on public, private clouds, on data centers, as colocation, deployed in SaaS. Customers, partners, and users are also distributed all over the world and it is essential to have cybersecurity solutions as close as possible to users and customers (everywhere). Gartner put a name to this type of solution and called it SASE (Secure Access Service Edge) and Zero Trust: that's what Cloudflare has been doing for the past 10 years: protecting and accelerating everything that is connected (website, API, Saas, users, Datacenter, IoT) with a 100% cloud-native solution."

6:10 pm - 6:20 pm
FIC PARTNER KEYNOTE, by Ketty CASSAMAJOR, Solution Engineering Manager for W&S Europe, CyberArk

[In French only]
"Sécurité des identités dans le Cloud : détecter les risques et y remédier efficacement !"
La mise en œuvre du principe du moindre privilège - une bonne pratique essentielle en matière de cybersécurité – représente une étape clé dans la sécurisation des accès et des identités privilégiés dans le Cloud.
Dans un monde parfait, chaque identité serait configurée pour n'avoir que les privilèges et autorisations nécessaires pour exécuter ses fonctions prévues - ni plus, ni moins. Mais même l'équipe de sécurité la plus proactive vous confirmera que c'est beaucoup plus facile à dire qu'à faire.
La nature dynamique du cloud conduit souvent à des erreurs de configuration pouvant entraîner l'accumulation d'autorisations inutilisées. Selon plusieurs études, cette affectation d’autorisations excessives aux comptes et aux rôles constitue d’ailleurs la principale erreur de configuration dans le cloud aujourd'hui. La conséquence est que les attaquants peuvent exploiter ces autorisations pour accéder à l'infrastructure cloud critique, voler ou modifier des données sensibles ou interrompre les services hébergés dans le cloud. Pour répondre à cette problématique, nous vous expliquerons comment Cyberark Cloud Entitlements Manager (CEM) peut vous aider à améliorer la visibilité sur vos entités IAM tout en détectant les permissions excessives et risquées dans vos environnements Cloud.

6:20 pm - 6:50 pm
on "Innovation in Cyber - possible game-changers"
The Club des Experts de la Sécurité de l'Information et du Numérique - CESIN - is an association that promotes the exchange of knowledge, the sharing of experience and the cooperation between information and digital security professionals. Its active members are experts holding management positions in information and digital security (CISO, DSSI, DSI).

The CISO, at the very heart of incident response

From 9:00 am to 11:30 am

The CISO is no longer the technical expert he has often been and still has the reputation of being. He must approach cybersecurity from multiple angles: technical, of course, but also operational, legal, insurance-related, strategic organisational, etc. He has therefore become a "conductor" for the operational departments, the other "support" functions, and of course, the executive committee. At the heart of its missions lies risk analysis, which is essentially cross-cutting and therefore collaborative. How can we best involve the operational departments, so as to raise the awareness of executive committees about cybersecurity issues and the need to strengthen the role and resources of the CISO? How can we turn risk analysis into a real managerial approach?
In association with
9:30 am - 9:35 am
OPENING SPEECH by Luména DULUC, General Delegate of Clusif

9:35 am - 9:45 am
on the "Feedback from the AFNOR Group in the face of a cyber attack"

9:45 am - 9:55 am
sur EU approach to crisis management

9:55 am - 10:15 am
DEBATE with Cyril BRAS, Deputy Chairman of IN.CRT, Jérôme POGGI, CISO Ville de Marseille and Philippe Cotelle, Board Member, AMRAE

"The CISO, at the very heart of incident response"

10:20 am - 10:30 am
FIC PARTNER KEYNOTE, by Paul BAYLE, Head Of Security and Group Chief Security Officer, ATOS

[In French only]
"Le quotidien du RSSI est-il devenu un état d'extra vigilance permanent ?"
"Depuis quelques années, la succession de plans d'action de crise préventive et la nécessité de se mettre en état d'extra vigilance permanent est devenue une réalité du quotidien du RSSI. Dans un contexte d'accroissement significatif du risque cyber, impactant tout le monde, même les plus préparés, comment anticiper et gérer au mieux les menaces ?"

10:30 am - 10:40 am
FIC PARTNER KEYNOTE, André Porruncini, Enterprise Account Executive, SOPHOS

[In French only]
"Comment gérer la réponse aux incidents de cybersécurité dans un contexte où les attaques sont de plus en plus complexes ?"
"Le rôle du RSSI évolue et ne doit pas être celui d’un expert technique, mais un coordinateur de ressources internes et externes pour se prémunir et répondre contre les attaques de plus en plus complexes. Conscient de ces enjeux, il faut savoir proposer des services d’interventions d’urgence pour gérer les crises potentielles. Lors de cet atelier, découvrez comment appréhender une attaque et comment y réagir. Notre vision en tant qu’expert de la cybersécurité et de cyberdéfense, est de faciliter la protection contre ces nouvelles attaques sophistiquées. Nous répondrons à deux thématiques pour que le RSSI aborde la cybersécurité sous des angles multiples : Sophos a développé des technologies de protections reconnues comme leader sur ce segment de marché. Nos services à travers des APIs, présentent des tableaux de bords intuitifs, pour faciliter la prise de décisions. Nous présenterons comment les services de Sophos rendent plus facile la manière d’appréhender la complexité des attaques modernes avec Sophos Managed Threat Response (MTR) et Rapid Response pour la Détection et la Réponse aux incidents, qui garantissent la surveillance du système d’information à travers une expertise externalisée."

10:40 am - 10:50 am

"Visibility, Measure and Preparedness, the CISO toolkit"
"Today, the CISO role is full of challenges. Being able to gain visibility through the fog caused by an incident, in order to get a better understanding of the situation and establish objectives is a key element of success. Join us in a discussion with David Grout, in order to understand the key pillars of this approach and the way to implement them within your organisation."

10:50 am - 11:20 am
MASTERCLASS by Guy-Philippe GOLDSTEIN, lecturer at the Ecole de Guerre Economique, advisor to PwC, researcher and consultant on cyber security and cyber defence issues
Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications. It brings together all sectors of the economy around cybersecurity and digital trust in two colleges, suppliers and users.

Regulation of the digital space: will distrust prevail?

From 4:30 pm to 7:00 pm

Software vulnerabilities, development of cyber threats, cyber spying, cyberwarfare, economic imbalances and dependencies, "fake news"...: the digital transition is likely to bring about distrust of digital technology and, more generally, of technological progress. There is now an urgent need to better regulate this transnational space, which has become an essential element in any human activity. Such regulation must allow states — which are currently struggling to reach agreement on the subject, — companies and civil society to have a say. What standards will enable to establish trust between these actors whose stakes and interests are so different? How can we create a "trusted cloud" in a globalised economy where it is simply impossible to control the entire chain, ranging from infrastructure to software and data? What are the responsibilities of hardware manufacturers, software publishers, and states? How should the vulnerability market be controlled? What cooperation could take place between public and private actors?
In association with
4:45 pm - 4:50 pm
WELCOME SPEECH by Henri d'AGRAIN, General Delegate of Cigref

4:50 pm - 5:00 pm
KEYNOTE by Aurélien Palix, Deputy Director of Networks and Digital Uses at the DGE

5:00 pm - 5:10 pm
SPEECH by Jean Claude LAROCHE, President "Cercle Cybersécurité" of Cigref and CIO of Enedis

5:10 pm - 5:55 pm
DEBATE (in English) with Danielle Jacobs, CEO of Beltug, Arthur GOVAERT, President CIO Platform Netherlands and CIO at Radboud University Medical Centre, Joachim REICHEL, member of the Board of Voice, CIO of BSH Home appliances, and Bernard DUVERNEUIL, President of Cigref & CDIO of Elior Group
On Regulation of the digital space: priorities of European associations

6:00 pm - 6:10 pm
FIC PARTNER KEYNOTE, by Alexis CANTO, Account Executive, BeyondTrust
"How to access Universal Privilege Management?"
"Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage. 
It is now critical for organizations to secure every user, every session and every resource in their IT environment.
To do this, it is important to understand:
- Why relying on password management alone leaves dangerous gaps in protection?
- How can you disrupt the chain of cyberattacks with privileged access security controls?
- What are the essential steps to reduce the attack surface?
- What are the keys to a frictionless PAM solution that is invisible to end users?
In this session, BeyondTrust will help you answer all these questions."

6:10 pm - 6:20 pm
FIC PARTNER KEYNOTE, by Liran TAL, Developer Advocate at Snyk

"Are We Forever Doomed To Software Supply Chain Security?"
"The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code."

6:20 pm - 6:40 pm
INTERVENTION AND CONCLUSION by Henri d'AGRAIN, General Delegate of Cigref
As an association of major French companies and public administrations, Cigref's mission is to develop their capacity to integrate and master digital technology.

Critical infrastructure: the challenge of resilience

From 9:00 am to 11:30 am

Critical infrastructure is a prey of choice for ever more ambitious and aggressive attackers. As a result, states face a major resilience challenge in ensuring their (cyber)security, as they place special requirements on said infrastructure. At European level, this is the objective of the NIS (Network and Information Security) directive, which specifies a series of network and information security requirements for "digital service providers" (DSPs) and "operators of essential services " (OESs). But are these provisions sufficient to build a secure and trusted digital space in Europe? How can these requirements be turned into concrete (cyber)security measures or arrangements, both technical and organisational?
In association with
9:30 am - 9:35 am

9:35 am - 9:50 am
KEYNOTE by Dieter HUTTER, SecProPort Project, Protecting Port from Cyber-attacks

09:50- 10:20

10:20 am - 10:30 am
FIC PARTNER KEYNOTE, by Hervé BOUTEMY, Sales Engineer, Sonatype
[In French only]
"Comment se protéger contre les nouvelles attaques sur l'écosystème Open Source"
"À l'heure où les attaques contre les chaînes logicielles se multiplient dans le monde entier - comme récemment l'attaque par Dependency Confusion et la brèche de SolarWinds - il n'a jamais été aussi important d'instaurer une culture de la sécurité au sein de vos équipes de développement. Rejoignez-nous pour découvrir : - Une brève évolution des attaques de la chaîne logistique logicielle. - Les étapes à suivre pour se concentrer sur les risques réels et potentiels. - Des actions claires et pratiques à mettre en œuvre dès aujourd'hui pour protéger votre chaîne logicielle."

10:30 am - 10:40 am
FIC PARTNER KEYNOTE, by Timothée MANGENOT, Regional Sales Manager, Synopsys

"Building Security in DevOps with Intelligent Orchestration"
"Building security automation into the DevOps pipeline is a key pain point for many organisations. A risk-based, intelligent, adaptive DevOps pipeline can close the gap between DevOps and security teams, helping DevOps teams accelerate deployment to production without compromising security. Intelligent orchestration consists in automatically triggering the security activities defined in the policies according to the characteristics of each application: criticality, stage in the development life cycle, size of changes ... The objective is to perform the right test, at the right time, and at the right depth at the speed of development teams. The Synopsys France team is at your disposal to guide you on the path to AppSec."

10:40 am - 10:50 am
FIC PARTNER KEYNOTE, by Laurent AINSA, LastPass Key Account Manager, LOGMEIN

[In French only]
"L’importance de créer une culture de la sécurité au sein de l’entreprise"
"Le mot de passe est le premier échelon de la sécurité informatique. Mais à l’heure du télétravail, des outils SAAS et des comptes utilisateurs, les salariés utilisent entre 80 et 120 mots de passe. Dans ce contexte, difficile de résister à la tentation d’utiliser toujours le même et de préférence, pas trop dur à retenir. Cette réalité, les RSSI doivent composer avec au quotidien. Alors comment faire évoluer les usages, les mentalités et insuffler une culture de la sécurité au sein de l’organisation ?"
The Club des Directeurs de Sécurité et de sûreté des Entreprises is an association that aims to federate the experiences of security and safety professionals within companies. It gathers private and public companies represented within the club by their security or safety director (or equivalent functions with other names: risk manager, risk director, general secretary...).

An event
organized by


With the support of

Last editions