What is Le Before?

10 12.10.2022
Created in 2017, Le Before is a strategic gathering event for the cybersecurity market’s decision-makers. Scheduled the day preceding Les Assises, le Before welcomes a very limited number of participants is invited to exchange and debate about the future of cybersecurity.

120

participants

88

guests

33%

new participants

96%

satisfaction

(source: Goodlink)

*2020 edition numbers

The programme Roundtables The commissions Meetups Steering committee

Le Before’s guidelines
Freedom of speech
Small groups to benefit the interaction between peers
Structured talks with the partners
Efficient networkingTalks about the evolution of the industry

Participate as a partner in Le Before

Le Before is accessible to all Les Assises’ partners whatever their participation package
2 participation offers for partners : 100% Networking and speaking opportunity for one or two member(s)
Table for 8 reserved for lunch for each partner (2 collaborators and 6 guests)
Partners’ collaborator(s) can participate to one of the 5 commissions as well as the Meet-up if registered
Le Before guest list is handpicked by the DG Consultants team. Guests could be invited at Les Assises afterhand.
A premium follow-up to prepare your participation and brand brand visibility

Le Before is marked by key moments

Le Before gathers 150 cybersecurity experts: 120 end-users: CISOs, CIOs and other IT decision-makers.

Number of guests at Le Before are very limited, please contact the visitor team if you wish to participate. Your request will be considered according to your profile, the number of registered participant per sector and the places available.

The programme

An intense day of high-level content: roundtables, commissions by sector and meetups.

The Roundtables
The roundtables aim at giving an overview of the current issues in the industry and defines the main topics that will be addressed during the commissions.
Programme of commissions 2022
The commissions is where participants debates in small workgroups on transversal topics such as: data protection, cyber context, technology trends, compliance, governance, regulation, or providers’ management. Participants share their views and experiences. The result of the reflexion of each commission is synthesised and presented on the next day on Wednesday morning before the opening of Les Assises and available for all the participants throughout summary sheet.
How to secure and enhance your data?
Chairs:
Sébastien Bombal, Technical Director, Ministry of Economy and Finance.
Eric Freyssinet, Second-in-command, Gendarmerie Nationale dans le Cyberespace.
Moderator:
Annick Rimlinger, Safety and Security Director, Cyber & Data protection Aema group.
The digitalisation of the economy, the appearance of new uses, the various technological transformations, the implementation of new production processes, etc. have placed data at the heart of organisations. It has become a "raw material" which can open up new opportunities for all organisations, but which also constitutes a real factor of fragility. Data, or Data, Big Data or even micro Data, whatever the name or category, the challenge will be the same for public or private entities. It is necessary to :
- secure it by fighting against theft and leaks to protect the value of the information
- enhance it to exploit the now common masses of information collected
The commission will thus seek to see how the secure exploitation of data, insofar as it enables decision-making and management to be accelerated and secured, has now become central for IS professionals who combine this objective with those of the business lines on a daily basis. These include (among others): improving services and products, rationalising operating costs, etc.
Talking geopolitics to your board? How about influencing your entity's overall strategy to strengthen its cyber resilience?
Chairs:
Patrick Menez, Deputy Group CSO, Axa.
Cyrille Tesser, Director of Digital Legal Investigation, La Poste Group.
Moderator:
Mélanie Benard-Crozat, Journalist, Editor-in-Chief S&D Magazine.
Our interconnected and hyperconnected world no longer has any borders. Digital technology is becoming a major new geopolitical and strategic playing field. Thinking about the cybersecurity strategy of a company or an institution now requires taking into account these almost vital issues. In order to understand the challenges, anticipate the threats, address the day-to-day issues and think about the future, understanding the world and its relationships, interdependencies and crises are now part of our job requirements.
How will the state of the world of geopolitical relations evolve in 2022? What are the visible impacts and possible perspectives in the medium term? What approaches and steps should we take today to take these developments into account in our cybersecurity strategy? How do you see the future actions to be developed? What are the challenges for strengthening cooperation?
These are all subjects that we propose to address in a complex world where understanding what is happening will probably be one of the success factors of your future cybersecurity strategy. Several experts in geopolitics and cyber specialists will be invited to help us advance in our collective reflections.
IS Hybridisation and Security: when a new cyber reality is imposed on CISOs, CTOs and CIOs?
Chairs:
Dominique Guiffard, Group CTO, Savencia.
Stéphane Tournadre, IS Security Director, Servier.
Moderator:
Caroline Moulin-Schwartz, Technical Delegate, CRiP.
At a time when the major Cloud players are proposing to "reinvent" hybrids and extend their solutions to our "on premises" and "edge" environments, are we at a new crossroads? How far will they go and how far will we go with them? These questions are being asked more and more by IT departments who have nevertheless rapidly committed themselves to the hybridisation of their information systems. Computing power, budget savings, agility, innovation and even IS resilience were the chic and shocking arguments of the Move To Cloud trend. But with the rise in cyber attacks on the Cloud and the pressure on data security, the new black gold of the enterprise, cybersecurity has never been so central to the strategic challenges of organisations and their IT departments. Beyond the problems of observability of security raised by this forced hybridization, we will address the new challenges of cyber governance that are increasingly imposed on us and will reflect on solutions that are necessarily hybrid... The topics we propose to develop during the panel :
- From hybridization in the square to hybridization in the cube: the new hidden challenges of IS security.
- IS security and observability: a new organisational issue?
- Do SOCs have the capacity to "see everything"?
- Supplier blackout: an unimaginable hypothesis for some, and yet...
- A look at the legal implications of IS hybridisation?
- IS APIs and data protection: squaring the IS circle.
- AI- IoT- 5G: what impact on the security of a hybrid IS?
- Capex, sovereignty...: these arguments that are no longer arguments
External assessments of the company's cyber security. What are the risks? What are the challenges?
Chairs:
Olivier Ligneul, Cybersecurity Director, EDF Group.
Thierry Auger, Corporate CIO & Group Cybersecurity Director, Lagardère, President of Assises 2022.
Moderator:
Cécile Desjardins, Journalist.
Independently of its indicators, its monitoring strategy and the measurement of its cyber risk, the company is today confronted with numerous measures and ratings that it does not necessarily master. Sometimes based on criteria whose relevance is questionable, these evaluations are manipulated, qualified and interpreted by third parties (extra-financial rating specialists, insurers & brokers, auditors, third-party qualification agencies, etc.) who rarely have knowledge of all the necessary elements... Once published, they will be visible to internal bodies (Comex, financial management, administrators, audit committee) and thus risk putting the CISO in a prejudicial situation.
In this Before 2022 workshop, we propose an overview of these indicators, to identify the interest and the pitfalls to be considered, but also to think about the best ways to anticipate their implementation and the possible discrepancies with the company's internal risk assessment. We will also look at the construction, at the global level, of this external cyber risk assessment ecosystem and the issues at stake, in terms of confidentiality and data sovereignty.
We would like to bring in representatives of auditors and boards of directors, a director of European affairs from a large group and an expert on data sovereignty to discuss the following questions:
- Panorama: What are the tools used? Who are the organisations and businesses that issue external cyber ratings? How to judge the quality of the work of these organisations?
- Links with the governance of the company: What convergence or divergence with internal indicators of cyber risk? How can these assessments be integrated into its risk analysis? More broadly, how can they be integrated into the debate with the Comex, the audit committee, the CAC, brokers and insurers, credit or CSR agencies, etc.... ?
- Interactions with issuers: What relationship should be maintained with these bodies and their governance? How much effort should be devoted to these ratings (for both issuance and analysis)? How can we participate upstream in the construction of these indicators? How to control their evolution as well as the underlying reference systems?
- Regulation: Given the proliferation of indicators, what regulation should be envisaged? What are the problems of confidentiality and sovereignty that this poses? Is there a risk of inconsistency with certain legislation?
Cybersecurity of factories and industrial sites: how to converge OT and IT?
Chairs:
Eric Vautier, Group CISO, ADP Group.
Philippe Loudenot, Cyber Security Delegate, Pays de la Loire Regional Council.
Fabrice Bru, Cybersecurity Director, "Groupement Les Mousquetaires" and CESIN Administrator.
Moderator :
Jerome Saiz, Expert in business protection.
As early as 2009, it was clear that the biomedical world, automobile assembly lines and even uranium enrichment plants could be victims of cyber attacks. Then, the major waves of ransomware attacks showed - often painfully - that the IT and OT worlds were no longer isolated.
Especially as the business needs of manufacturers are naturally evolving towards greater interconnection (predictive maintenance, new KPIs to be monitored, etc.), which means that the OT and IT worlds must converge even more strongly.
Thus, industrial managers are beginning to understand that cyber incidents can impact the P&L of their plants, and even cause serious accidents for their employees and the population.
Secure, yes... but how?
- How to align the timeframe of these very different environments, when the life cycle of industrial equipment is of the order of 15 to 20 years, whereas it can be only 3 years for IT?
- How can technologies designed 20 years ago be integrated into modern environments?
- How to integrate the specific regulatory obligations of the industrial world (loss of warranty and maintenance), between radically different tools, protocols and practices (a simple scan in the IT world can bring down industrial equipment) and unknown uses of IT (need to leave sessions open 24/7, difficulty in entering a password with protection equipment, etc.), the convergence of IT and OT in terms of cybersecurity is an exciting and essential area of reflection...
Especially since smart cities, new fully automated supply chains and the proliferation of autonomous vehicles have already taken IoT out of the factory and into our daily lives!
Meetups
Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.