• Identity-based initial access
• Post-login persistence and privilege escalation
• Hybrid lateral movement across cloud and on-prem
• Where early intent reveals itself in telemetry
• Why EDR-first detection models miss the beginning

Agenda at a glance

1PM

Networking Lunch

2PM

Opening Keynote: Mind Your Attack Gaps Across Identity, Network, Cloud, and Endpoint Security

Lucie Cardiet, Cyberthreat Research Manager

In this session, Vectra AI breaks down how modern attackers move across identity, network, cloud, and endpoint controls without triggering obvious alarms. From exposed buckets and stolen credentials to token abuse and AI-assisted lateral movement, each step often looks legitimate in isolation. 

Using real-world breach examples and attacker chat logs, this talk walks through how adversaries exploit gaps between tools, persist even after eviction, and compress their timelines with automation and AI. 

2.45PM‍

Featured Session: Detection Strategy in the Era of Autonomous Exploit Discovery

Martin Roesch, Head of Cloud‍

Anthropic's Project Glasswing — announced just days before this conference — used their Claude Mythos model to autonomously discover thousands of zero-day vulnerabilities across every major operating system and browser, with fewer than 1% patched. This talk uses that moment as a forcing function to make the case that patch-first security is no longer a viable primary strategy: when AI can find exploitable flaws at machine speed, the only realistic defense is detecting attackers after they're in, not before. Martin Roesch, Vectra AI's Head of Cloud, walks through how Vectra Fusion's flow-based metadata architecture and real-time behavioral detection were built exactly for this world — providing coverage across hybrid and multi-cloud environments that works on encrypted traffic, detects lateral movement regardless of the initial exploit, and cuts dwell time when it matters most.

3.30PM

Networking Lunch

4.00PM

Guest Speaker: 2026 Threat Landscape: Nation-State Threats to Critical Infrastructure

Nicklas Keijser, Technical Lead OT - Detection Services, Truesec

A data-driven look at the 2026 threat landscape from Truesec, based on real-world incident response. Beyond the big-picture trends, this session zeroes in on the accelerating shift toward nation-state and state-aligned operations targeting critical infrastructure. Includes real-world examples and practical detection and defense priorities for organizations operating in or connected to critical infrastructure.

4.45PM‍

Closing Session: From Insight to Action - Defending Against Modern Threats

Martin Holmgren, Security Engineer‍

Bringing the day together, this session translates threat intelligence into practical defense strategies. Through live demonstrations and real use cases, see how modern detection approaches identify and stop advanced attacks in action. This session focuses on practical outcomes, and how security teams can close gaps, improve visibility, and respond effectively to today’s threats.

5.30PM onward‍

Peer Networking

Who should attend

This event is designed for:

• SOC leads responsible for detection strategy
• Security architects designing hybrid visibility
• Detection and response engineers tuning analytics
• Technical security decision-makers reassessing control effectiveness

Location

IOFFICE Business Center, Kungsgatan 60, 111 22 Stockholm Sweden