What is Le Before?

12.10.2021
Created in 2017, Le Before is a strategic gathering event for the cybersecurity market’s decision-makers. Scheduled the day preceding Les Assises, le Before welcomes a very limited number of participants is invited to exchange and debate about the future of cybersecurity.

120

participants

88

guests

33%

new participants

99%

satisfaction

(source: Goodlink)

*2020 edition numbers

The programme Roundtables The commissions Meetups Steering committee

Le Before’s guidelines
Freedom of speech
Small groups to benefit the interaction between peers
Structured talks with the partners
Efficient networkingTalks about the evolution of the industry

Participate as a partner in Le Before

Le Before is accessible to all Les Assises’ partners whatever their participation package
2 participation offers for partners : 100% Networking and speaking opportunity for one or two member(s)
Table for 8 reserved for lunch for each partner (2 collaborators and 6 guests)
Partners’ collaborator(s) can participate to one of the 5 commissions as well as the Meet-up if registered
Le Before guest list is handpicked by the DG Consultants team. Guests could be invited at Les Assises afterhand.
A premium follow-up to prepare your participation and brand brand visibility

Partners already confirmed on Le Before 2021

Le Before is marked by key moments

Le Before gathers 150 cybersecurity experts: 120 end-users: CISOs, CIOs and other IT decision-makers.

Number of guests at Le Before are very limited, please contact the visitor team if you wish to participate. Your request will be considered according to your profile, the number of registered participant per sector and the places available.

The programme

An intense day of high-level content: roundtables, commissions by sector and meetups.

9:30 a.m | Keynote RiskIQ

GRC vs. Security Operations – How Digital Transformation can help two departments in an organization to collaborate for better visibility and controls?

Digital Transformation helps organizations to be more competitive by adopting Cloud technologies. This shift has both advantages, such as more agility to adjust to new ways of business and cost reduction, but also disadvantages like loss of visibility of their internet assets, security incidents, breaches, bad reputation etc.

While GRC teams are looking to comply with regulation and manage risks, security teams try to handle and prevent emerging threats.

Both teams could use the same dataset to work with but it's rarely the case. During this presentation we will give an overview of how various internet dataset can be turned into various deliverables, such as KPI dashboards, KRI work streams, and actionable Attack Surface Threat Intelligence.

Speakers : Cyril VOISIN (EMEA Leader, Chief Security Advisors - Microsoft) and Frédéric SAULET (VP Sales South EMEA - RiskIQ)

10:15 a.m| MasterClass

Discussion with Virginie Tournay, Research Director at CNRS, attached to CEVIPOF (Sciences Po) and author of SF novels.

Virginie Tournay was part of the Red Team mission set up in 2019 by the Defense Innovation Agency (AID) with the Armed Forces Staff (EMA), the Directorate General of Armaments (DGA) and the Directorate-General for International Relations and Strategy (DGRIS) as part of the Defense Innovation Orientation Document.

The project aims to anticipate the technological, economic, societal and environmental risks likely to generate potential conflicts by 2030-2060. Composed (among others) of researchers, writers, soldiers ... the mission has already given rise to two scenarios "Chronicle of an announced cultural death" anticipation of a society of virtual communities against the backdrop of a bioterrorist attack, and "The Sublime Porte opens again" anticipation of a technological revolution which upsets the practices of war.

During this masterclass, Virginie Tournay will present the link between scientific foresight and science fiction based on the Red Team experience, and explain the role of intellectuals in these anticipatory scenarios.

6:30 p.m | Closing conference

"Digital transformation and Cyber-security: how to accelerate one without degrading the other? "

Jean-Paul MAZOYER, Deputy Managing Director in charge of the Technologies and Digital Division of the Crédit Agricole Group.

With a long experience in the technological field and as a business manager, Jean-Paul Mazoyer will come to share during this closing conference, his vision of digital transformation, the changes that this causes in IS and business organizations. and the role of CISOs in the face of increasing cyber risks.

The Roundtables
The roundtables aim at giving an overview of the current issues in the industry and defines the main topics that will be addressed during the commissions.
The commissions
The commissions is where participants debates in small workgroups on transversal topics such as: data protection, cyber context, technology trends, compliance, governance, regulation, or providers’ management. Participants share their views and experiences. The result of the reflexion of each commission is synthesised and presented on the next day on Wednesday morning before the opening of Les Assises and available for all the participants throughout summary sheet.
1) Regulation, sovereignty… What national and international context for tomorrow?
Presidents: Philippe Loudenot Cyber Security Delegate, Pays de la Loire Regional Council and Sébastien Bombal, Technical Director at the Ministry of the Economy, Finance and Recovery Moderator: Mélanie Benard-Crozat, Journalist. Editorial director of S&D magazine
Faced with an extremely complex subject, the work of the committee will revolve around three highlights:
A 2020–21 review
regulatory and normative changes
national and international initiatives in terms of cybersecurity and digital sovereignty
A feedback that will be based on a questionnaire sent upstream to all participants.
A debate which will have to answer various questions:
Do we have the right standardization tools?
What are the supervisory bodies for these initiatives? How effective are the actions?
2) The resilience of organizations in the face of new crises.
Presidents: Patrick Menez Deputy Group CISO, Axa and Stéphane Tournadre Director of Security SI Servier
Moderator: Caroline Moulin-Schwartz, Speaker and Technical Delegate of CRiP
As crime and geopolitical conflicts drift into cyber, it has never been so difficult to imagine the crises to come. And yet our governments are actively preparing for new forms of war. But what about our organizations? How to prepare to live in a system where the threat will be permanent? How to learn to manage crises which will become complex and multifactorial? Beyond cyber crisis management, we must prepare for new forms of resilience. We will be working on this foresight exercise in the next Before. An exercise that will allow us to co-construct new resilient systems that integrate the notion of systemic crisis.
3) When geopolitics invites itself into cyber, when clashes between states weigh on the security of companies, how to apprehend these new risks and integrate them into the definition of an IS strategy?
Presidents: Fabrice Bru Cybersecurity Director, "Groupement Les Mousquetaires" and Administrator of CESIN and Dominique Guiffard Group CTO, Savencia
Moderator: Jérôme SAIZ Consultant, Opfor Intelligence
Geopolitical contexts have accustomed us to economic, cultural, industrial and political wars. We see that these wars are spreading more and more in the digital arena.
Thus, we can become collateral victims by using digital services that can be the target or weapon of geopolitical conflicts between nations (eg SolarWind). In addition, we are challenged to implement a long-term global IS strategy, taking into account the varied and even contradictory national regulatory contexts. Today we are disarmed. Geopolitics is not always a risk taken into account by CISOs. They are sometimes ignorant of the cultural and political approaches of the countries where their company operates. The following questions may arise:
How to follow the evolutions of the geopolitical situation in order to adapt the IS and SSI strategies?
Should we take more into account the geopolitical contexts in our projects, in our strategic plans?
Should we plan for "cultural, ethnic, political and religious" training when working internationally, adapted to the digital world?
If the infrastructures of our strategic suppliers (Microsoft, Google, AWS, etc.) are the subject of major attacks, are we among the customers to be "sacrificed"? What are the impacts in our resilience strategy? Can we become pawns in the digital war between states (eg Stuxnet)? How to identify actors and stakeholders?
We invite you to share your experiences, testimonies, thoughts on a new subject, unexpected but which has become more significant, that we must take into account in our choices and risk analyzes.
4) Extended company: How to develop trust within its ecosystem?
Presidents: Thierry Auger Corporate CIO & Group CISO, Lagardère and Olivier Ligneul Cybersecurity Director, EDF Group
Moderator: Cécile Desjardins, Journalist
The extended enterprise has become a true ecosystem made up of partners, suppliers, freelancers, etc. but also tools and applications, increasingly driven by the cloud. Accelerated by the pandemic, Digitalization and remote work are now leading us to realize the need to develop trust and to orchestrate the rules of administration, security, compliance, monitoring of this ecosystem ...
What are the challenges?
What transformations need to be made?
Do we need a rapid adjustment of the regulations applicable to each other and therefore work with the competent authorities?
Do we need a Chief Ecosystem Officer? What would be its mission and what would be its tools?
5) The innovative cybertech ecosystem: Let's decipher it together!
Presidents: Malika Pastor Director of Information Systems and Digital, Colliers Group and Cyrille Tesser Director of digital legal investigation, La Poste Group
Moderator: Annick Rimlinger, Safety & Security, Cyber & Data Protection Director, Aema Group
This commission proposes to address four main areas of reflection:
SMART & STRATEGIC TECHNO TRENDS: What emerging innovations in CyberTech to watch for its CyberProtection and to transform its extended IS?
STANDARDS / LABELS / CERTIFICATION: Which ones to meet legal constraints & to respect regulatory compliance (and mainly data security)?
KEY ACTORS / CYBERSEC INNOVATION CIRCLE: What role do Cyber partners play in ensuring this digital trust? (Startup; Cyber Campus; CyberDéfense Factory…)
NEW CYBERSEC SKILLS (emergence): Who says new / emerging technologies says new methodologies says new skills but also new behaviors?
Meetups
Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.
"The risk of corruption: Prevention, detection, sanctions"
Animated by Garance Mathias, Lawyer at the Paris Bar, Cabinet Mathias Avocats
While waiting for the draft laws to overhaul the Sapin 2 law, whistleblowers:
Towards strengthening anti-corruption obligations
Towards a framework for lobbying
Towards a high authority for probity
How to anticipate these new risks? What compliance approach to take?
"AI, business and law"
Moderated by Myriam Quemener, General Counsel, Paris Appeal Court, specializing in digital law
Artificial intelligence by deploying high-performance algorithms can help businesses but at the same time it raises legitimate questions.
Today, legal platforms, such as LegalTech, provide businesses with reliable digital solutions and cutting-edge IT tools.
Through real-time AI and intelligent automation, business decision-making and productivity can be improved. However, the use of AI and therefore algorithms cannot be done without prior reflection. Indeed, most innovative digital products and services now based on algorithms, it is confidence in the algorithmic processing of data from companies. consumers, which is a major strategic issue. This trust is established by developing a responsible "by design" algorithm approach, which requires companies to incorporate ethical criteria.
The meet up may address in particular:
The challenges of AI for the company: between mistrust (the risk of bias) and trust
Examples of AI applications
What strategy to put in place for a responsible AI
Build an AI roadmap
"Dealing with vulnerabilities in 2021: hope or despair?"
Moderated by Jean-Marc Boursat, Group Enterprise CSO, TotalEnergies, Administrator of Clusif
The volume of publication on vulnerabilities is constantly increasing and the percentage of critical vulnerabilities is also increasing: IT teams must therefore apply more and more patches at increasingly short notice. What are the RSSI's weapons in the face of this seemingly lost battle?
The objective of the workshop is to share our findings and our difficulties in dealing with vulnerabilities in 2021 and to discuss good practices or solutions that allow us to get out of them. Participants will have to answer questions about The vulnerability treatment strategy: Should it be changed? Should we change the security policy in the face of changing circumstances? Responsibility sharing: How to empower stakeholders? How to educate businesses and users on the subject of vulnerabilities?
Management of remediation: How to avoid overloading the teams? How to industrialize the process and what are the conditions for success? Other questions can of course be debated on this broad subject.
"Risk mapping: First major step in risk management"
Moderated by Helène Dubillot, Director of the Scientific Pole of AMRAE
Computer attacks, supply chain failures, natural disasters hampering business continuity, but also strengthening of the regulatory environment or volatility of currencies, or raw materials are all sources of uncertainty that can weigh on the achievement of objectives. business performance and profitability. In an increasingly uncertain and complex world, knowledge of risks and the means of controlling them is essential to the performance of companies. Risk Management is becoming more than ever the bedrock of responsible business. This implies, for companies to set up a system, led by a member of the organization and to define, with its Board of Directors / Supervisory Board, a specific risk appetite and risk management policy. Carrying out a mapping, which will formalize and prioritize the major risks, is a first step. The purpose of this meet-up will be to present this flagship risk management tool and to see its evolution over time.
Cyberinsurance: what do we do with your data?
Moderated by Sébastien Héon, Deputy Chief Underwriting Officer at SCOR
Have you ever wondered what happens to the information you provide to insurers? Each year, CISOs present their company's cybersecurity to a panel of insurers. How is this information used? Are they too high level or on the contrary too technical? What are the essential subjects?
This workshop aims to discuss this annual dialogue between policyholders and insurers and to identify avenues for improvement.
Sharing information: why? How?
Moderated by Eric Doyen and Didier Gras, Treasurer and Administrator of Cesin
The increasing volume of Cyber incidents, their impacts and the complexity of some attacks demonstrate the importance of information sharing within our Cyber community.
In an increased interconnected world, our companies simultaneously play a role of partner, supplier AND customer and it is not easy to maintain this sharing.
We wish to take advantage of the privileged moment of the Before to discuss, in a small group, the feedback and what we could capitalize on to maintain and develop this sharing which remains one of the keys to the success of our trusted community.