PwC Cybersecurity & Privacy Day - 12 March 2026 - Agenda

Back to basics: Building on what truly matters

12.00pm - 1.30pm Welcome and networking lunch
1.30pm - 1.40pm Welcome words
1.40pm - 2.00pm

Keynote

Ange Ferrari, CISO, METRO

2.00pm - 2.20pm

Defending Together: Collaboration, Governance, and Resilience in Luxembourg’s Cyber Defence

Ben Fetler, Head of Cyber, Luxembourg Directorate of Defence

2.20pm - 2.30pm

The risks of fraud powered by technology

Michael Weis, Advisory Partner, Forensics & Anti-Financial Crime Leader, PwC Luxembourg

 

Cybersecurity Plenary session

Privacy Plenary session

2.40pm - 3.00pm

Defense in Practice: Sustaining Quality Under Fixed Time Constraints

Martin Grandcolas, Head of Division, Cybersecurity, CSSF

Uncomplicated Compliance: Privacy as a competitive edge

John O’Brien, Head of Legal, Data Protection & Artificial Intelligence, Revolut

Samantha Sayers, Global Head of Privacy, Risk & Compliance and DPO, Bolt

3.00pm - 3.20pm

The latest trends in cyber attacks: technology watch from PwC LU’s ethical hackers 

Maxime Clementz, Advisory Senior Manager, Ethical Hacker & Cybersecurity, PwC Luxembourg

3.20pm - 3.50pm Coffee Break
3.50pm - 4.30pm

First workshops session (description of workshops available at the end of this page

 

  • No Zero-Day needed 
    Antoine Goichot, Advisory Senior Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg
    Martino Tommasini, Advisory Senior Associate, Cybersecurity & Ethical Hacker, PwC Luxembourg

  • Real-World Security Lessons from Azure & M365 
    Edouard D'hoedt, Advisory Manager, Cybersecurity & Incident Handler, PwC Luxembourg
    Hayk Gevorgyan, Advisory Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg

  • Facility Management Security: Uncovering the hidden attack surface
    Thomas Fargeix, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
    Jihane Guelzim, Advisory Senior Associate, Cybersecurity, PwC Luxembourg
    Mathilde Oun, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

  • Third Party Risk Management: A Decision System 
    Vincent Garnier-Salvi, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
    Giovanna Alberta Stefani, Advisory Senior Associate, Cybersecurity, PwC Luxembourg 

  • DPO vs AI Officer: The Quest for the Lost Compliance 
    Alain Herrmann, Data Protection Commissioner, CNPD
    Sadia Berdaï, Head of Division, AI, Innovation and Technology, CNDP
    Bertrand Navarre, DPO, CNDP

  • Ensuring compliance and accountability with CRA, NIS2 and other data security-related frameworks through European certification 
    Prof. Dr. Stefan Schiffner, Professor of Computer Science (Privacy/ Data protection), H-BRS, University of Applied Sciences

4.30pm - 4.50pm Coffee break
4.50pm - 5.30pm

Second workshops session (description of workshops available at the end of this page)

  • No Zero-Day needed 
    Antoine Goichot, Advisory Senior Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg
    Martino Tommasini, Advisory Senior Associate, Cybersecurity & Ethical Hacker, PwC Luxembourg

  • Real-World Security Lessons from Azure & M365 
    Edouard D'hoedt, Advisory Manager, Cybersecurity & Incident Handler, PwC Luxembourg
    Hayk Gevorgyan, Advisory Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg

  • Facility Management Security: Uncovering the hidden attack surface 
    Thomas Fargeix, Advisory Senior Manager, Cybersecurity, PwC Luxembourg 
    Jihane Guelzim, Advisory Senior Associate, Cybersecurity, PwC Luxembourg
    Mathilde Oun, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

  • Third Party Risk Management: A Decision System 
    Vincent Garnier-Salvi, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
    Giovanna Alberta Stefani, Advisory Senior Associate, Cybersecurity ,PwC Luxembourg

  • Reducing risks and turning compliance into value creation with the official European Data Protection Seal 
    Sébastien Ziegler, President of the Europrivacy International Board of Experts of the European Center for Certification and privacy (ECCP)

  • The risks of fraud powered by technology   
    Alessandro Casarotti, Advisory Director, Anti-Financial Crime and Forensics, PwC Luxembourg
    Ines Haddar, Advisory Senior Manager, Anti-Financial Crime and Forensics, PwC Luxembourg

5.30pm - 5.35pm Switch to the plenary session in the auditorium
5.35pm - 6.10pm

The Human Firewall: Regulating the Nervous System to Perform Under Pressure

Giorgio Bruin, Founder & Certified Trainer, B YOU

Séverine Daniel, Founder & Certified Trainer, B YOU

6.10pm - 6.15pm Closing words
6.15pm - 7.30pm  Networking cocktail

Cybersecurity & Privacy Workshops

  • Antoine Goichot, Advisory Senior Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg
  • Martino Tommasini, Advisory Senior Associate, Cybersecurity & Ethical Hacker, PwC Luxembourg

No advanced custom exploits, no cutting-edge AI tooling, no zero-day, yet full compromise.
Drawing from our penetration testing experience, this session reveals how attackers continue to succeed using the same basic techniques, year after year, because long-known weaknesses still persist in modern environments.
The good news? Stopping them isn’t about new technologies or AI solutions, but about solid, well-known security fundamentals.

  • Edouard D'hoedt, Advisory Manager, Cybersecurity & Incident Handler, PwC Luxembourg
  • Hayk Gevorgyan, Advisory Manager, Cybersecurity & Ethical Hacker, PwC Luxembourg

With all the advanced security tools available in Azure and Microsoft 365, it’s easy to assume the basics are covered by default... yet many of today’s breaches still start with simple misconfigurations and overlooked fundamentals.
Drawing on our hands-on experience from configuration reviews, building secure cloud infrastructures, incident response and running red team exercises in hybrid environments, we’ll uncover the most common (and surprisingly persistent) mistakes we see in the field.
You’ll learn how attackers exploit these gaps, and how to fix them by establishing a strong, practical security baseline for Azure and M365.

Cybersecurity Workshops

  • Thomas Fargeix, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
  • Jihane Guelzim, Advisory Senior Associate, Cybersecurity, PwC Luxembourg
  • Mathilde Oun, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

Facility management systems – such as cameras, badge readers, elevators, HVAC units, even catering tills and vending machines – are often connected to your corporate network, creating an overlooked attack surface. Are these entry points secured, monitored, and compliant? Join us to uncover real-world lessons learned and explore practical strategies for applying security hygiene to protect this critical yet underestimated part of your infrastructure.

  • Vincent Garnier-Salvi, Advisory Senior Manager, Cybersecurity, PwC Luxembourg
  • Giovanna Alberta Stefani, Advisory Senior Associate, Cybersecurity, PwC Luxembourg

With growing reliance on Third Parties, it’s easy to assume that maintaining an archive of supplier information is enough to manage risks, yet many incidents still originate from vendors that were “known” but never truly assessed.
Drawing on practical experience in third-party risk management frameworks, audits, and supplier assessments, this workshop explores how to structure and implement a resilient TPRM program step by step.
You’ll get useful insights into how to design an inventory that goes beyond record-keeping, how to assign risk tiers that reflect real exposure, and how this approach helps you continuously monitor and manage suppliers based on what actually matters.

  • Prof. Dr. Stefan Schiffner, Professor of Computer Science (Privacy/ Data protection), H-BRS, University of Applied Sciences

With the adoption of new cybersecurity regulations, organisations face new compliance obligations. This workshop will present how CISO and companies can use NIS2 and CRA criteria for self-assessment and certification to reduce their risk, document their compliance, and build trust with third parties.

  • Alessandro Casarotti, Advisory Director, Anti-Financial Crime and Forensics, PwC Luxembourg
  • Ines Haddar, Advisory Senior Manager, Anti-Financial Crime and Forensics, PwC Luxembourg

As organisations face increasingly sophisticated cyber‑enabled fraud schemes, document integrity has become a critical part of cybersecurity resilience. This workshop showcases how AI‑powered document forensics solutions such as Finovox help identify hidden manipulations and protect against fraud attempts that often accompany broader cyber threats. A live demonstration will illustrate how PwC’s expertise in fraud, risk and cybersecurity can help integrate such capabilities into your defence and control framework.

Privacy Workshops

  • Alain Herrmann, Data Protection Commissioner, CNPD
  • Sadia Berdaï, Head of Division, AI, Innovation and Technology, CNDP
  • Bertrand Navarre, DPO, CNDP

Any resemblance to actual persons or real events is purely coincidental. If you think you recognise yourself, it simply means reality lacks imagination.

  • Sébastien Ziegler, President of the Europrivacy International Board of Experts of the European Center for Certification and privacy (ECCP)

This workshop will present the latest developments and upcoming evolution with data protection certification with Europrivacy, the official European Data Protection Seal of the GDPR. It will present how to prepare the certification and how to take advantage of it to simplify compliance management, to reduce risks, and to turn compliance into a source of value creation.

top

Follow us