*2022 edition numbers
- Freedom of speech
- Small groups to benefit the interaction between peers
- Structured talks with the partners
- Efficient networkingTalks about the evolution of the industry
- Le Before is accessible to all the partners of the Conference whatever their participation package
- 2 participation offers for partners: 100% Networking or Speaking, for one or two people
- Each partner has a reserved lunch table (table for 8 people including 6 guests chosen by the partner)
- The "partner" have the possibility to participate in one of the five commissions as well as in the Meet-up on registration
- At Le Before, guests are invited and selected exclusively by DG Consultants. They can then be invited by the partners to Les Assises
- Customized support and brand visibility
Le Before gathers 150 cybersecurity experts: 120 end-users: CISOs, CIOs and other IT decision-makers.
Number of guests at Le Before are very limited, please contact the visitor team if you wish to participate. Your request will be considered according to your profile, the number of registered participant per sector and the places available.
An intense day of high-level content: roundtables, commissions by sector and meetups.
Le Before's opening: a question of balance!
CISOs are tightrope walkers. Torn between their obligations and their means, between business understanding and operational reality, between time and immediate response.... They must constantly adapt: in their profession, it's all a question of balance!
To launch this new edition of Before, we invite you to explore this notion of balance through 3 different but complementary prisms:
IA FRIENDLY: 9:30am - 10:00am | Keynote Proofpoint : How to keep attackers at bay?
Ryan Kalember, EVP Cybersecurity Strategy, will explain how our latest developments use AI and our "people-centric" approach to prevent initial compromises, eliminate identity-related risks and then stop the progress of an attack, and finally how to manage these risks to your information, including from the inside...
This keynote will help you understand why it's so important to break the chain of attack, and finally reverse the general assumption that "the defender must be right 100% of the time, and the attacker only needs to be right once". Break the attack chain with Proofpoint: checkmate the attackers!
Ryan Kalember, EVP, Cybersecurity Strategy
Loïc Guézo, Senior Director, Cybersecurity Strategy Europe, Proofpoint
DATA SECURITY: 10am - 10:15am | CNIL : Cybersecurity and RGPD: an (almost) faithful couple
The CNIL presents its cybersecurity action, 5 years after the RGPD came into force :
- A look back at 5 years of personal data breach notifications
- Supporting players: from fundamentals for all to high-stakes systems
- Balancing system security and privacy: promoting virtuous solutions
Florent Della Valle, Head of CNIL's technological expertise department
BREAKTHROUGH INNOVATION : 10h15 - 10h45 | Successes and failures, disruptive innovation has two parents
Description about to come...
Marjolaine Grondin, CEO and Co-Founder, Jam
Moderated by Sébastien Couasnon, Host Tech 45' podcast
Resilience is his watchword. Two years of hospitalization and eight years of rehabilitation did not break Vincent Dorival's spirit. A firefighter with the BSPP, injured in the line of duty in April 2001 and now a quadriplegic, he has never lost his determination to overcome his condition, and has never ceased to find ways to get involved in the causes he holds dear.
In 2018, Vincent Dorival co-founded Ultraops, a project designed to offer sporting and adventure challenges to the injured. In 2019, the first team crossed Death Valley, a 309 km route in 14 days. In 2022, they took on the challenge of crossing the Bardenas Desert over 200 km in ten days, the equivalent of a half-marathon a day. In 2024, 14 injured people will tackle the 320 km crossing of Jordan.
Vincent Dorival invites us to rethink our relationship with risk, and to develop a culture of resilience: "Today, we live in a society that erects the principles of 'zero risk' and 'precaution' as absolute values. By trying to protect ourselves from all risk, we are not learning.
He has turned his injury into a strength. It marked the beginning of a battle, one that enabled him to reconnect with his passion: serving. "At the heart of Ultraops, we're trying to rediscover what we once knew in the army: the need to surpass ourselves, the fatigue... We're not going into battle in the sense of a weapons battle, but we're fighting against ourselves, against our handicaps. These courses certainly enable us to answer one of the most important questions: what meaning do we give to our own existence?"
Moderated by Mélanie Bénard Crozat, Editor-in-Chief, S&D Magazine and Impact For the Future
With Vincent Dorival, President, ULTRAOPS Association
The Roundtables & The commissions
The roundtables aim at giving an overview of the current issues in the industry and defines the main topics that will be addressed during the commission
The commissions is where participants debates in small workgroups on transversal topics such as: data protection, cyber context, technology trends, compliance, governance, regulation, or providers’ management. Participants share their views and experiences. The result of the reflexion of each commission is synthesised and presented on the next day on Wednesday morning before the opening of Les Assises and available for all the participants throughout summary sheet.
Anticipating cyberattacks is a matter of knowing your IS, its ecosystem, threats and enhanced surveillance
Anticipating cyber-attacks is a key element of cybersecurity, even if it doesn't exclude the need for better security! However, to be effective, anticipation must be holistic. It begins with upstream prevention (training, awareness-raising), involves the effective use of technologies and enhanced surveillance, and extends to the preparation and handling of any attack that may begin. It is based on a body of knowledge that must be maintained and shared.
- Knowledge of your perimeter and IS:
The motto "Know thyself" means rigging the right resources in the right places to protect yourself effectively. Which technologies should be exploited without adding to the complexity of the IS? How to overcome resource shortages? Use "red team", "bug bounty", "threat hunting"... Which assets, networks and components should be monitored first? Identify blind spots. What governance should be put in place (shadow IT, links between business lines, HR management)? What are the budget priorities? Setting up an SOC.
- Understanding your ecosystem:
What are the risks associated with partners and suppliers? How can they be constrained, particularly in terms of vulnerability management? What are the risks associated with the company's sector of activity? What are the geopolitical, regional and legislative impacts? How can information on threats, attacks and risks be shared within the company, but also with its ecosystem? its sector?
- Knowledge of threats:
Get to know the main threats and draw up scenarios to create reaction procedures and incident response reflex cards. Anticipate long-term and emerging technologies (post-quantum, AI, industrial systems deployed for decades...). Keep a geopolitical watch on new sources of threat and their evolution, and on new attackers.
- After a successful attack...
Communication and crisis management Identify blind spots and improve incident response reflex cards with REX.
Moderated by Sophy Caulier, journalist
Thierry Auger, Deputy CIO and CSO, Lagardère
Olivier Ligneul, Director of Cybersecurity, EDF Group
Loïc Guézo, Senior Director, Cybersecurity Strategy Europe, Proofpoint
Alexis Caurette, VP Strategy and Marketing, CyberDefense Solutions Business Line, Thales
Jean-Noel HARDELIN, Strategic Account Manager, Recorded Future
Attack surface: how to identify it, analyze it, reduce it or live with it?
Will we end up accepting the unacceptable? Leaving our digital and physical assets particularly exposed... The facts are clear: organizations are less and less able to define the true size and complexity of their attack surface.
In a hybrid, multi-Cloud world, coupled with the multiplication of APIs, will our methodologies, tooling and skills be continually called into question?
This new Before 2023 commission will focus on answering some essential questions: what do we need to do to identify the exposure of our information systems? How can we assess the risks of this exposure? How do we deal with the cases we don't know how to solve?
Moderated by Caroline Moulin-Schwartz, animator
Michel Cazenave, Regional CSO & CISO France, Monaco, Maghreb
Dominique Guiffard, Group CTO, Savencia
Stéphanie Buscayret, Chief Information Security Officer, Groupe Latécoère
Arnaud Legorjus, Director of Strategic Accounts, Tanium
Raja Mukerji, Co-founder and Chief Scientist, Extrahop
Developing an effective communications strategy for your Board and Comex: the new challenge for cybersecurity directors
Cyber risk has become an ontological risk for companies. It is urgent to communicate well or better about it!
This subject must be integrated at the highest level of understanding by board members, shareholders, regulators, executive committees, suppliers, and other partners. The security and cybersecurity manager needs to stay on top of things, but also adapt.
How do you simplify a sometimes technical discourse? How do you make the subject intelligible so as to win over the audience? How do you adapt your message to your audience?
How can we make information and the subject less anxiety-provoking, while remaining faithful to the situation in the field and its degree of complexity or seriousness? How can we encourage informed decision-making?
How can we understand and manage external influences that can sometimes be disruptive? How can we make cybersecurity an unavoidable and uncomplicated topic at the heart of COMEX and Board meetings?
Through testimonials, questioning and best practices, the community will open up to a new key aspect of the CISO and CISO function, enabling it - and the subject - to enter a new dimension.
Moderated by Mélanie Bénard Crozat, Editor-in-Chief, S&D Magazine and Impact For the Future
Patrick Ménez, Deputy Group CSO, Axa
Fabrice Bru, DSSI, Les Mousquetaires Group
Laurent Vibert, Crisis communications expert and CEO, Nitidis
Pierre Courbois, CEO of Bricorama Sillingy et Annemasse and member of the stime Board of Directors
NIS2 regulations: the challenge of turning a threat into an opportunity?
The NIS2 regulations are highly ambitious in the field of cybersecurity. On the one hand, it broadens the scope of public and private players concerned, and on the other, it strengthens the obligations of companies and public authorities. As part of the transposition of this text, every operator, whether private or public, must now consider whether it is concerned (as well as its entire value chain). If so, they will need to anticipate the new obligations that will weigh on the management of their information systems (notification obligation, etc.), and make their managers aware of the new responsibilities (increased power of sanction, etc.).
Moderated by Garance Mathias, Lawyer, Mathias Avocats
Maricela Pelegrin-Bomel, National IS Security Manager, EFS
Eric Vautier, Group CISO, ADP Group
Benoit Fuzeau, CISO, Casden Banque Populaire
Hervé Fortin, Group DPO, Servier
Incident response as part of a day-to-day cybersecurity strategy
The notion of incident response is often evoked in the context of a major cybersecurity event for the organization: ransomware, major data leaks or thefts, massive denial-of-service campaigns. Of course, you need to be prepared, and in particular make sure that your organization is ready to face up to such an event: have the right data, plan the teams and partners to mobilize, and above all carry out exercises to test the system.
But even more than that, incident response methods are often used on a day-to-day basis, to understand the origin of an incident and respond to it. Without mobilizing a crisis unit, strategies such as tracing incident management, mobilizing forensic and business expertise, involving legal decision-makers and taking collective decisions to improve security are proving indispensable...
The aim of the workshop is to explore the different facets of incident response, share best practices and suggest ways of organizing it so that it can be used more widely, wherever necessary. It will be based on concrete testimonials from incident response specialists, security force specialists and internal incident analysis teams.
One of the phases of the workshop could consist in unfolding a typical "everyday" incident and describing the contributions of each of these methods [break down into broad categories of methods].
Workshop participants can aim to leave the day with :
- a better understanding of incident response methods and techniques
- a better understanding of the players and their roles
- a new approach to day-to-day incident management and how to structure their teams and partnerships (especially for phases that need to be outsourced) to tackle it
- ideally, the willingness to implement these methods further, mobilizing all the players involved.
Moderated by Jérôme Saiz, Corporate Protection Expert, OPFOR Intelligence
Eric Freyssinet, Brigadier General, Senior Cyber Advisor to COMCYBERGEND
Sébastien Bombal, Technical Director, Ministry of Economy and Finance
Didier Gras, Group Chief Information Security Officer, BNP Paribas
Blandine Delaporte, Solution Engineer Director, SentinelOne
Flavien Moutardier, Senior Sales Engineer, CrowdStrike
Frédéric Le Bastard, Head of Anti-Cybercrime Department, La Poste Group
What does the future hold for IOT?
Although the term "Internet of Things" or IOT dates back to the last century (1999 MIT), these technological systems are now part of everyday life for businesses and individuals alike. They offer a multitude of applications based on the interconnection between the physical and virtual worlds: home automation, e-health, smart cities, logistics, industry, security, and more. By 2020, their number was estimated at between 30 and 80 billion. These objects make life easier for many individuals and companies, and represent real business development opportunities. Nevertheless, in this race to develop IoT products, many manufacturers invest little in security, which is not necessarily of greater concern to users of these solutions.
The security of these devices, as well as of the sometimes highly sensitive data they provide, is becoming a "cybersecurity" issue throughout the entire chain, starting with the design of the object, continuing with its manufacture and purchase, and ending with its use. But the IOT also calls into question notions as fundamental as the integrity of human life, with connected medical devices, autonomous cars... but also the sovereignty of our most sensitive data, whether personal, economic or strategic.
Together with specialists in the field, the commission will examine the opportunities offered by the IOT, but also the security risks and challenges it poses (1), the protection strategies that can be put in place (2), the measures that can/should be taken in the event of an attack on a system (3), the need for regulation and the complexities of competition it engenders (4), and also the role that manufacturers can/should have (5):
- manufacturers, who by their very nature have all the information on their product at their fingertips, and can therefore introduce safety during the development phase.
- public authorities, who do not have access to all product information, but can set standards that include safety.
- and end-users, who don't have access to any product information but need reassurance.
Moderated by Annick Rimlinger, Director of Safety & Security, Cyber & DataProtection, Aéma Group
Stéphane Tournadre, DSSI, Servier
Stéphane Nappo, Vice President. Global Chief Information Security Officer, Groupe SEB
Laurent Oudot, CTO & co-Founder, TEHTRIS
Michel Séjean, Professor of Private Law and Criminal Sciences, Sorbonne Paris Nord University
Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.
SI vs digital threats: Round 2 - Fight!
In this module, the lecturer offers an awareness of the unique challenges of cybersecurity in the industrial sector and the ways to preserve the security of critical infrastructures.
He will unpack specific approaches to protecting SCADA systems, industrial networks and equipment from attack.
Thomas Guilloux, industrial cybersecurity expert & Associate Director, CSB School
Digital CISO: going beyond spreadsheets to structure the cybersecurity IS!
The challenges facing CISOs are constantly evolving, but it has to be said that the role has clearly changed over the past 5 years. The move of CISOs up the hierarchy, more data to cross-reference and analyze, ever more demanding interlocutors, increased regulation and exciting innovations are all factors that have pushed CISOs to go beyond their trusty spreadsheets. Let's take a look at how the CISO's IS is structured, and where it's most effective.
Nadège Reynaud, Associate Director, TNP Consultants
Police, justice : interpeller et juger les cybercriminels
Find out how law enforcement agencies identify and apprehend cybercriminals, and how the courts judge them.
Our experts will show you the strategy you need to implement to be effective and preserve the interests of victimized companies, from filing a complaint right through to trial.
They will share tips on how to formalize the procedure, preserve digital evidence relevant to the investigation and present practical cyber case studies.
Myriam Quemener, Director, DPO, Agence Numérique de la Santé (Digital Health Agency)
Anne Souvira, Commissaire divisionnaire honoraire, former head of the cyber mission at the Préfecture de Police
Find out more about all the 2022 contents of Le Before in our withe paper:
Corporate CIO & Cybersécurité Groupe Director, Lagardère
Technical Director - Customs and Excise
Cybersécurité Director ,"Groupement Les Mousquetaires" and CESIN
Scientific Director - Office of the Director General of the Gendarmerie Nationale
CISO/CSO, PwC France
Group CTO, Savencia
Cybersécurité Director , EDF Group
Deputy Group CSO, Axa
Responsable national de la sécurité des systèmes d'informations, Etablissement Français du sang
Vice President Global Chief Information Security Officer, Groupe SEB
Security Director SI Servier
Group CISO, ADP Group