What is Le Before?

9 11.10.2023
Created in 2017, Le Before is a strategic gathering event for the cybersecurity market’s decision-makers. Scheduled the day preceding Les Assises, le Before welcomes a very limited number of participants is invited to exchange and debate about the future of cybersecurity.

180

participants

120

guests

19

partner companies

100%

satisfaction

(source: Goodlink)

*2022 edition numbers

Le Before’s guidelines
Freedom of speech
Small groups to benefit the interaction between peers
Structured talks with the partners
Efficient networkingTalks about the evolution of the industry

Participate as a partner in Le Before

Le Before is accessible to all the partners of the Conference whatever their participation package
2 participation offers for partners: 100% Networking or Speaking, for one or two people
Each partner has a reserved lunch table (table for 8 people including 6 guests chosen by the partner)
The "partner" have the possibility to participate in one of the five commissions as well as in the Meet-up on registration
At Le Before, guests are invited and selected exclusively by DG Consultants. They can then be invited by the partners to Les Assises
Customized support and brand visibility

Le Before is marked by key moments

Le Before gathers 150 cybersecurity experts: 120 end-users: CISOs, CIOs and other IT decision-makers.

Number of guests at Le Before are very limited, please contact the visitor team if you wish to participate. Your request will be considered according to your profile, the number of registered participant per sector and the places available.

The programme

An intense day of high-level content: roundtables, commissions by sector and meetups.

The Roundtables
The roundtables aim at giving an overview of the current issues in the industry and defines the main topics that will be addressed during the commission
The commissions
The commissions is where participants debates in small workgroups on transversal topics such as: data protection, cyber context, technology trends, compliance, governance, regulation, or providers’ management. Participants share their views and experiences. The result of the reflexion of each commission is synthesised and presented on the next day on Wednesday morning before the opening of Les Assises and available for all the participants throughout summary sheet.

2023 commissions:

Anticipating cyberattacks is a matter of knowing your IS, its ecosystem, threats and enhanced surveillance
Anticipating cyber-attacks is a key element of cybersecurity, even if it doesn't exclude the need for better security! However, to be effective, anticipation must be holistic. It begins with upstream prevention (training, awareness-raising), involves the effective use of technologies and enhanced surveillance, and extends to the preparation and handling of any attack that may begin. It is based on a body of knowledge that must be maintained and shared.
- Knowledge of your perimeter and IS:
The motto "Know thyself" means rigging the right resources in the right places to protect yourself effectively. Which technologies should be exploited without adding to the complexity of the IS? How to overcome resource shortages? Use "red team", "bug bounty", "threat hunting"... Which assets, networks and components should be monitored first? Identify blind spots. What governance should be put in place (shadow IT, links between business lines, HR management)? What are the budget priorities? Setting up an SOC.
- Understanding your ecosystem:
What are the risks associated with partners and suppliers? How can they be constrained, particularly in terms of vulnerability management? What are the risks associated with the company's sector of activity? What are the geopolitical, regional and legislative impacts? How can information on threats, attacks and risks be shared within the company, but also with its ecosystem? its sector?
- Knowledge of threats:
Get to know the main threats and draw up scenarios to create reaction procedures and incident response reflex cards. Anticipate long-term and emerging technologies (post-quantum, AI, industrial systems deployed for decades...). Keep a geopolitical watch on new sources of threat and their evolution, and on new attackers.
- After a successful attack...
Communication and crisis management Identify blind spots and improve incident response reflex cards with REX.

Moderated by Sophy Caulier, journalist
Speakers :
Thierry Auger, Deputy CIO and CSO, Lagardère
Olivier Ligneul, Director of Cybersecurity, EDF Group

Attack surface: how to identify it, analyze it, reduce it or live with it?
Will we end up accepting the unacceptable? Leaving our digital and physical assets particularly exposed... The facts are clear: organizations are less and less able to define the true size and complexity of their attack surface.
In a hybrid, multi-Cloud world, coupled with the multiplication of APIs, will our methodologies, tooling and skills be continually called into question?
This new Before 2023 commission will focus on answering some essential questions: what do we need to do to identify the exposure of our information systems? How can we assess the risks of this exposure? How do we deal with the cases we don't know how to solve?

Moderated by Caroline Moulin-Schwartz, animator
Speakers :
Michel Cazenave, Regional CSO & CISO France, Monaco, Maghreb
Dominique Guiffard, Group CTO, Savencia

Developing an effective communications strategy for your Board and Comex: the new challenge for cybersecurity directors
Cyber risk has become an ontological risk for companies. It is urgent to communicate well or better about it!
This subject must be integrated at the highest level of understanding by board members, shareholders, regulators, executive committees, suppliers, and other partners. The security and cybersecurity manager needs to stay on top of things, but also adapt.
How do you simplify a sometimes technical discourse? How do you make the subject intelligible so as to win over the audience? How do you adapt your message to your audience?
How can we make information and the subject less anxiety-provoking, while remaining faithful to the situation in the field and its degree of complexity or seriousness? How can we encourage informed decision-making?
How can we understand and manage external influences that can sometimes be disruptive? How can we make cybersecurity an unavoidable and uncomplicated topic at the heart of COMEX and Board meetings?
Through testimonials, questioning and best practices, the community will open up to a new key aspect of the CISO and CISO function, enabling it - and the subject - to enter a new dimension.

Moderated by Mélanie Bénard Crozat, Editor-in-Chief, S&D Magazine and Impact For the Future
Speakers :
Patrick Ménez, Deputy Group CSO, Axa
Fabrice Bru, DSSI, Les Mousquetaires Group

Regulations: NIS2 regulations: the challenge of turning a threat into an opportunity?
The NIS2 regulations are highly ambitious in the field of cybersecurity. On the one hand, it broadens the scope of public and private players concerned, and on the other, it strengthens the obligations of companies and public authorities. As part of the transposition of this text, every operator, whether private or public, must now consider whether it is concerned (as well as its entire value chain). If so, they will need to anticipate the new obligations that will weigh on the management of their information systems (notification obligation, etc.), and make their managers aware of the new responsibilities (increased power of sanction, etc.).

Moderated by Garance Mathias, Lawyer, Mathias Avocats
Speakers :
Maricela Pelegrin-Bomel, National IS Security Manager, EFS
Eric Vautier, Group CISO, ADP Group
Benoit Fuzeau, CISO, Casden Banque Populaire

Incident response as part of a day-to-day cybersecurity strategy
The notion of incident response is often evoked in the context of a major cybersecurity event for the organization: ransomware, major data leaks or thefts, massive denial-of-service campaigns. Of course, you need to be prepared, and in particular make sure that your organization is ready to face up to such an event: have the right data, plan the teams and partners to mobilize, and above all carry out exercises to test the system.
But even more than that, incident response methods are often used on a day-to-day basis, to understand the origin of an incident and respond to it. Without mobilizing a crisis unit, strategies such as tracing incident management, mobilizing forensic and business expertise, involving legal decision-makers and taking collective decisions to improve security are proving indispensable...
The aim of the workshop is to explore the different facets of incident response, share best practices and suggest ways of organizing it so that it can be used more widely, wherever necessary. It will be based on concrete testimonials from incident response specialists, security force specialists and internal incident analysis teams.
One of the phases of the workshop could consist in unfolding a typical "everyday" incident and describing the contributions of each of these methods [break down into broad categories of methods].
Workshop participants can aim to leave the day with :
- a better understanding of incident response methods and techniques
- a better understanding of the players and their roles
- a new approach to day-to-day incident management and how to structure their teams and partnerships (especially for phases that need to be outsourced) to tackle it
- ideally, the willingness to implement these methods further, mobilizing all the players involved.

Moderated by Jérôme Saiz, Corporate Protection Expert, OPFOR Intelligence
Speakers :
Eric Freyssinet, Scientific Director, Office of the Director General of the Gendarmerie Nationale
Sébastien Bombal, Technical Director, Ministry of Economy and Finance

What does the future hold for IOT?
Although the term "Internet of Things" or IOT dates back to the last century (1999 MIT), these technological systems are now part of everyday life for businesses and individuals alike. They offer a multitude of applications based on the interconnection between the physical and virtual worlds: home automation, e-health, smart cities, logistics, industry, security, and more. By 2020, their number was estimated at between 30 and 80 billion. These objects make life easier for many individuals and companies, and represent real business development opportunities. Nevertheless, in this race to develop IoT products, many manufacturers invest little in security, which is not necessarily of greater concern to users of these solutions.
The security of these devices, as well as of the sometimes highly sensitive data they provide, is becoming a "cybersecurity" issue throughout the entire chain, starting with the design of the object, continuing with its manufacture and purchase, and ending with its use. But the IOT also calls into question notions as fundamental as the integrity of human life, with connected medical devices, autonomous cars... but also the sovereignty of our most sensitive data, whether personal, economic or strategic.
Together with specialists in the field, the commission will examine the opportunities offered by the IOT, but also the security risks and challenges it poses (1), the protection strategies that can be put in place (2), the measures that can/should be taken in the event of an attack on a system (3), the need for regulation and the complexities of competition it engenders (4), and also the role that manufacturers can/should have (5):
- manufacturers, who by their very nature have all the information on their product at their fingertips, and can therefore introduce safety during the development phase.
- public authorities, who do not have access to all product information, but can set standards that include safety.
- and end-users, who don't have access to any product information but need reassurance.

Moderated by Annick Rimlinger, Director of Safety & Security, Cyber & DataProtection, Aéma Groupe
Speakers :
Stéphane Tournadre, DSSI, Servier
Stéphane Nappo, Vice President. Global Chief Information Security Officer, Groupe SEB

Meet-ups
Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.
2023 meet-ups:
About to come
Find out more about all the 2022 contents of Le Before in our withe paper:
Download the 2022 edition white paper (only in French)