Le Before 2021

A lot is said during Le Before, but all this richness cannot be reflected in the summary sheets. This is why we produced this White Paper, which brings together some additional elements and which we are happy to share with our community because, in cybersecurity, exchange and communication are more essential than ever.

Download the white paper (only in French)


The programme

 An intense day of high-level content: roundtables, commissions by sector and meetups.

9:30 a.m. | Keynote RiskIQ

GRC vs. Security Operations – How Digital Transformation can help two departments in an organization to collaborate for better visibility and controls?

Digital Transformation helps organizations to be more competitive by adopting Cloud technologies. This shift has both advantages, such as more agility to adjust to new ways of business and cost reduction, but also disadvantages like loss of visibility of their internet assets, security incidents, breaches, bad reputation etc.

While GRC teams are looking to comply with regulation and manage risks, security teams try to handle and prevent emerging threats.

Both teams could work from the same dataset, but this is rarely the case. During this presentation we will give an overview of how various internet datasets can be turned into various deliverables, such as KPI dashboards, KRI work streams, and actionable Attack Surface Threat Intelligence.

Speakers: Cyril VOISIN (EMEA Leader, Chief Security Advisors - Microsoft) and Frédéric SAULET (VP Sales South EMEA - RiskIQ)

10:15 a.m. | MasterClass

Discussion with Virginie Tournay, Research Director at CNRS, attached to CEVIPOF (Sciences Po) and author of SF novels.

Virginie Tournay was part of the Red Team mission set up in 2019 by the Defense Innovation Agency (AID) with the Armed Forces Staff (EMA), the Directorate General of Armaments (DGA) and the Directorate-General for International Relations and Strategy (DGRIS) as part of the Defense Innovation Orientation Document.

The project aims to anticipate the technological, economic, societal and environmental risks likely to generate potential conflicts by 2030-2060. Composed (among others) of researchers, writers and soldiers, the mission has already given rise to two scenarios: "Chronicle of an announced cultural death", which anticipates a society of virtual communities against the backdrop of a bioterrorist attack, and "The Sublime Porte opens again", which anticipates a technological revolution that upsets the practices of war.

During this masterclass, Virginie Tournay will present the link between scientific foresight and science fiction based on the Red Team experience, and explain the role of intellectuals in these anticipatory scenarios.

6:30 p.m. | Closing conference

"Digital transformation and Cyber-security: how to accelerate one without degrading the other?"

Jean-Paul MAZOYER, Deputy Managing Director in charge of the Technologies and Digital Division of the Crédit Agricole Group.

With long experience in the technological field and as a business manager, Jean-Paul Mazoyer will share during this closing conference his vision of digital transformation, the changes that it causes in IS and business organizations, and the role of CISOs in the face of increasing cyber risks.

The Roundtables

The roundtables aim to give an overview of the current issues in the industry and define the main topics that will be addressed during the commissions.

The commissions

The commissions are where participants debate in small workgroups on cross-cutting topics such as: data protection, cyber context, technology trends, compliance, governance, regulation, or providers' management. Participants share their views and experiences. The results of each commission's reflection are synthesised and presented the next day, on Wednesday morning, before the opening of Les Assises, and made available to all participants through summary sheets.

1) Regulation, sovereignty… What national and international context for tomorrow?

Presidents: Philippe Loudenot Cyber Security Delegate, Pays de la Loire Regional Council and Sébastien Bombal, Technical Director at the Ministry of the Economy, Finance and Recovery
Moderator: Mélanie Benard-Crozat, Journalist. Editorial director of S&D magazine

Faced with an extremely complex subject, the work of the committee will revolve around three highlights:

A 2020–21 review

  • regulatory and normative changes
  • national and international initiatives in terms of cybersecurity and digital sovereignty

Feedback based on a questionnaire sent in advance to all participants.

A debate which will have to answer various questions:

  • Do we have the right standardization tools?
  • What are the supervisory bodies for these initiatives? How effective are the actions?

2) The resilience of organizations in the face of new crises.

Presidents: Patrick Menez Deputy Group CSO Axa and Stéphane Tournadre Director of Security SI Servier
Moderator: Caroline Moulin-Schwartz, Speaker and Technical Delegate of CRiP

As crime and geopolitical conflicts drift into cyber, it has never been so difficult to imagine the crises to come. And yet our governments are actively preparing for new forms of war. But what about our organizations? How to prepare to live in a system where the threat will be permanent? How to learn to manage crises which will become complex and multifactorial? Beyond cyber crisis management, we must prepare for new forms of resilience. We will be working on this foresight exercise in the next Before. An exercise that will allow us to co-construct new resilient systems that integrate the notion of systemic crisis.

3) When geopolitics invites itself into cyber, when clashes between states weigh on the security of companies, how to apprehend these new risks and integrate them into the definition of an IS strategy?

Presidents: Fabrice Bru Cybersecurity Director, "Groupement Les Mousquetaires" and Administrator of CESIN and Dominique Guiffard Group CTO, Savencia
Moderator: Jérôme SAIZ Consultant, Opfor Intelligence

Geopolitical contexts have accustomed us to economic, cultural, industrial and political wars. We see that these wars are spreading more and more in the digital arena.

Thus, we can become collateral victims by using digital services that can be the target or weapon of geopolitical conflicts between nations (e.g. SolarWinds). In addition, we are challenged to implement a long-term global IS strategy, taking into account the varied and even contradictory national regulatory contexts. Today we are disarmed. Geopolitics is not always a risk taken into account by CISOs. They are sometimes unaware of the cultural and political approaches of the countries where their company operates. The following questions may arise:

  • How to follow the evolutions of the geopolitical situation in order to adapt the IS and SSI strategies?
  • Should we take more into account the geopolitical contexts in our projects, in our strategic plans?
  • Should we plan for "cultural, ethnic, political and religious" training when working internationally, adapted to the digital world?
  • If the infrastructures of our strategic suppliers (Microsoft, Google, AWS, etc.) are the subject of major attacks, are we among the customers to be "sacrificed"? What are the impacts on our resilience strategy? Can we become pawns in the digital war between states (e.g. Stuxnet)? How to identify actors and stakeholders?

We invite you to share your experiences, testimonies and thoughts on a new and unexpected subject that has become more significant and that we must take into account in our choices and risk analyses.

4) Extended company: How to develop trust within its ecosystem?

Presidents: Thierry Auger Corporate CIO & Group CISO, Lagardère and Olivier Ligneul Cybersecurity Director, EDF Group
Moderator: Cécile Desjardins, Journalist

The extended enterprise has become a true ecosystem made up of partners, suppliers, freelancers, etc., but also tools and applications, increasingly driven by the cloud. Accelerated by the pandemic, digitalization and remote work are now leading us to realize the need to develop trust and to orchestrate the rules of administration, security, compliance and monitoring of this ecosystem.

  • What are the challenges?
  • What transformations need to be made?
  • Do we need a rapid adjustment of the regulations applicable to each other and therefore work with the competent authorities?
  • Do we need a Chief Ecosystem Officer? What would be its mission and what would be its tools? 

5) The innovative cybertech ecosystem: Let's decipher it together!

Presidents: Malika Pastor Director of Information Systems and Digital, Colliers Group and Cyrille Tesser Director of digital legal investigation, La Poste Group
Moderator: Annick Rimlinger, Safety & Security, Cyber & Data Protection Director, Aema Group

This commission proposes to address four main areas of reflection: 

  • SMART & STRATEGIC TECHNO TRENDS: What emerging innovations in CyberTech to watch for its CyberProtection and to transform its extended IS?
  • STANDARDS / LABELS / CERTIFICATION: Which ones to meet legal constraints & to respect regulatory compliance (and mainly data security)?
  • KEY ACTORS / CYBERSEC INNOVATION CIRCLE: What role do Cyber partners play in ensuring this digital trust? (Startup; Cyber Campus; CyberDéfense Factory…)
  • NEW CYBERSEC SKILLS (emergence): Do new / emerging technologies mean new methodologies, new skills, but also new behaviors?

Meetups

Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.

"The risk of corruption: Prevention, detection, sanctions"

  • Moderated by Garance Mathias, Lawyer at the Paris Bar, Cabinet Mathias Avocats

While waiting for the draft laws (overhaul of the Sapin 2 law, whistleblowers):

  • Towards strengthening anti-corruption obligations
  • Towards a framework for lobbying
  • Towards a high authority for probity

How to anticipate these new risks? What compliance approach to take?

"AI, business and law"

  • Moderated by Myriam Quemener, General Counsel, Paris Appeal Court, specializing in digital law

Artificial intelligence, by deploying high-performance algorithms, can help businesses, but at the same time it raises legitimate questions.

Today, legal platforms, such as LegalTech, provide businesses with reliable digital solutions and cutting-edge IT tools.

Through real-time AI and intelligent automation, business decision-making and productivity can be improved. However, AI, and therefore algorithms, cannot be used without prior reflection. Indeed, with most innovative digital products and services now based on algorithms, it is confidence in the algorithmic processing of data from companies and consumers that is a major strategic issue. This trust is established by developing a responsible "by design" algorithm approach, which requires companies to incorporate ethical criteria.

The meet-up may address in particular:

  • The challenges of AI for the company: between mistrust (the risk of bias) and trust
  • Examples of AI applications
  • What strategy to put in place for a responsible AI
  • Build an AI roadmap

"Dealing with vulnerabilities in 2021: hope or despair?"

  • Moderated by Jean-Marc Boursat, Group Enterprise CSO, TotalEnergies, Administrator of Clusif

The volume of publications on vulnerabilities is constantly increasing and the percentage of critical vulnerabilities is also increasing: IT teams must therefore apply more and more patches at increasingly short notice. What are the CISO's weapons in the face of this seemingly lost battle?

The objective of the workshop is to share our findings and our difficulties in dealing with vulnerabilities in 2021 and to discuss good practices or solutions that allow us to get out of them. Participants will have to answer questions about:

  • The vulnerability treatment strategy: Should it be changed? Should we change the security policy in the face of changing circumstances?
  • Responsibility sharing: How to empower stakeholders? How to educate businesses and users on the subject of vulnerabilities?
  • Management of remediation: How to avoid overloading the teams? How to industrialize the process and what are the conditions for success?

Other questions can of course be debated on this broad subject.

"Risk mapping: First major step in risk management"

  • Moderated by Helène Dubillot, Director of the Scientific Pole of AMRAE

Computer attacks, supply chain failures, natural disasters hampering business continuity, but also the strengthening of the regulatory environment or the volatility of currencies or raw materials are all sources of uncertainty that can weigh on the achievement of objectives, business performance and profitability. In an increasingly uncertain and complex world, knowledge of risks and the means of controlling them is essential to the performance of companies. Risk Management is becoming more than ever the bedrock of responsible business. This implies that companies set up a system, led by a member of the organization, and define, with their Board of Directors / Supervisory Board, a specific risk appetite and risk management policy. Carrying out a mapping, which will formalize and prioritize the major risks, is a first step. The purpose of this meet-up will be to present this flagship risk management tool and to see its evolution over time.

"Cyberinsurance: what do we do with your data?"

  • Moderated by Sébastien Héon, Deputy Chief Underwriting Officer at SCOR

Have you ever wondered what happens to the information you provide to insurers? Each year, CISOs present their company's cybersecurity to a panel of insurers. How is this information used? Is it too high level or, on the contrary, too technical? What are the essential subjects?

This workshop aims to discuss this annual dialogue between policyholders and insurers and to identify avenues for improvement.

"Sharing information: why? How?"

  • Moderated by Eric Doyen and Didier Gras, Treasurer and Administrator of Cesin

The increasing volume of Cyber incidents, their impacts and the complexity of some attacks demonstrate the importance of information sharing within our Cyber community.

In an increasingly interconnected world, our companies simultaneously play the roles of partner, supplier AND customer, and it is not easy to maintain this sharing.

We wish to take advantage of the privileged moment of the Before to discuss, in a small group, the feedback and what we could capitalize on to maintain and develop this sharing, which remains one of the keys to the success of our trusted community.

Steering committee

Thierry Auger

Corporate CIO & Group Cybersecurity Director, Lagardère

Sébastien Bombal

Technical Director - Customs and Excise

Fabrice Bru

Cybersecurity Director, "Groupement Les Mousquetaires" and CESIN

Eric Freyssinnet

Scientific Director - Office of the Director General of the Gendarmerie Nationale

Michel Cazenave

CISO/CSO, PwC France

Olivier Ligneul

Cybersecurity Director, EDF Group

Patrick Menez

Deputy Group CSO, Axa

Maricela Pelerin-Bomel

National Head of Information Systems Security, Etablissement Français du Sang

Stéphane Nappo

Vice President Global Chief Information Security Officer, Groupe SEB

Stéphane Tournadre

Security Director SI Servier

Eric Vautier

Group CISO, ADP Group