PwC Cybersecurity & Privacy Day - 12 March 2026 - Agenda

• Antoine Goichot, Advisory Senior Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg
• Martino Tommasini, Advisory Senior Associate, Cybersecurity & Ethical Hacker, PwC Luxembourg

No advanced custom exploits, no cutting-edge AI tooling, no zero-day, yet full compromise.
Drawing from our penetration testing experience, this session reveals how attackers continue to succeed using the same basic techniques, year after year, because long-known weaknesses still persist in modern environments.
The good news? Stopping them isn’t about new technologies or AI solutions, but about solid, well-known security fundamentals.

• Edouard D'hoedt, Advisory Manager, Cybersecurity & Incident Handler, PwC Luxembourg
• Hayk Gevorgyan, Advisory Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg

With all the advanced security tools available in Azure and Microsoft 365, it’s easy to assume the basics are covered by default... yet many of today’s breaches still start with simple misconfigurations and overlooked fundamentals.
Drawing on our hands-on experience from configuration reviews, building secure cloud infrastructures, incident response and running red team exercises in hybrid environments, we’ll uncover the most common (and surprisingly persistent) mistakes we see in the field.
You’ll learn how attackers exploit these gaps, and how to fix them by establishing a strong, practical security baseline for Azure and M365.

• Thomas Fargeix, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
• Jihane Guelzim, Advisory Senior Associate, Cybersecurity, PwC Luxembourg
• Mathilde Oun, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

Facility management systems – such as cameras, badge readers, elevators, HVAC units, even catering tills and vending machines – are often connected to your corporate network, creating an overlooked attack surface. Are these entry points secured, monitored, and compliant? Join us to uncover real-world lessons learned and explore practical strategies for applying security hygiene to protect this critical yet underestimated part of your infrastructure.

• Vincent Garnier-Salvi, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
• Giovanna Alberta Stefani, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

With growing reliance on Third Parties, it’s easy to assume that maintaining an archive of supplier information is enough to manage risks, yet many incidents still originate from vendors that were “known” but never truly assessed.
Drawing on practical experience in third-party risk management frameworks, audits, and supplier assessments, this workshop explores how to structure and implement a resilient TPRM program step by step.
You’ll get useful insights into how to design an inventory that goes beyond record-keeping, how to assign risk tiers that reflect real exposure, and how this approach helps you continuously monitor and manage suppliers based on what actually matters.

• Prof. Dr. Stefan Schiffner, Professor of Computer Science (Privacy/ Data protection), H-BRS, University of Applied Sciences

With the adoption of new cybersecurity regulations, organisations face new compliance obligations. This workshop will present how CISO and companies can use NIS2 and CRA criteria for self-assessment and certification to reduce their risk, document their compliance, and build trust with third parties.

• Alessandro Casarotti, Advisory Director, Anti-Financial Crime and Forensics, PwC Luxembourg
• Ines Haddar, Advisory Senior Manager, Anti-Financial Crime and Forensics, PwC Luxembourg

As organisations face increasingly sophisticated cyber‑enabled fraud schemes, document integrity has become a critical part of cybersecurity resilience. This workshop showcases how AI‑powered document forensics solutions such as Finovox help identify hidden manipulations and protect against fraud attempts that often accompany broader cyber threats. A live demonstration will illustrate how PwC’s expertise in fraud, risk and cybersecurity can help integrate such capabilities into your defence and control framework.

• Alain Herrmann, Data Protection Commissioner, CNPD
• Sadia Berdaï, Head of Division, AI, Innovation and Technology, CNDP
• Bertrand Navarre, DPO, CNDP

Any resemblance to actual persons or real events is purely coincidental. If you think you recognise yourself, it simply means reality lacks imagination.

• Sébastien Ziegler, President of the Europrivacy International Board of Experts of the European Center for Certification and privacy (ECCP)

This workshop will present the latest developments and upcoming evolution with data protection certification with Europrivacy, the official European Data Protection Seal of the GDPR. It will present how to prepare the certification and how to take advantage of it to simplify compliance management, to reduce risks, and to turn compliance into a source of value creation.