Agenda

• What should a cybersecure culture look like in our organisations? How can we similarly ensure a cybersecure culture throughout society?
• How can cyber security awareness be a cultural matter, both in our organisations and throughout society?
• Where can we communicate in layman’s language to improve cyber security both in our daily lives and in organisations?
• What can we do to ensure our supply chains stay secure as part of this culture of cyber security? How can we best manage third-party risk?
• How can we best ensure all groups of society are represented when building a culture of security?
• Why is it important that we build a culture of security that extends not just through our organisations but throughout society?

– Moderator: Ivan Athanazio, CISO, Universidade Federal Fluminense
– Uilson Souza, Global Information Risk Lead, Mars
– Jeff Macre, Principal OT Security Solutions Architect, Darktrace
– Juan Pablo Sorensen, Security & Compliance Project Manager, Mercury Healthcare
– Bruno Sicchieri, RISO, Bunge
.

The speed of cyber threats has outpaced human response capabilities, making reactive, manual cyber security an unsustainable model. In this session, The Head of Google Cloud Security in LATAM will share the vision and lessons from our own transformation journey, showing how the strategic use of AI allowed us to move beyond incident reaction. Discover the roadmap Google followed to build a security posture that is proactive, intelligent, and autonomous, and learn the principles you can apply in your own organization to be better prepared.
.
– Marcello Zillo, Head of Google Cloud Security LATAM, Google
.

This session will explore:

• What the current threat landscape looks like facing operators of critical infrastructure across Brazil and Latin America
• The risks faced to our OT security due to geopolitical instability
• How we can best ensure our assets are protected from dangers brought against our operations due to the biggest risks of today
• How can we best ensure our supply chains are protected from the biggest threats of today
• Where we can develop a geostrategic strategy that ensures security and overcomes significant risks to our OT systems

– Daniel Maier de Carvalho, General-Coordinator of the CTIR Gov., Institutional Security Office of the Presidency of Brazil
.

This presentation takes you beyond a basic asset inventory and offers a multi-layered view of the OT risk landscape — giving you a full, ecosystem-level perspective. We’ll walk through the key building blocks for proactively identifying and reducing risk. Join us to learn more about:

• Leveraging automated OT data collection and context
• Leveraging automated OT data collection and context
• Contextual Risk Calculation
• Turning data into insights — fast and continuously.
• OT Real-World Wins

– Mauricio Barbarulo, Industrial Cyber Security Consultant, Rockwell Automation
.

This session will discuss:

• How we can best overcome new AI threats in light of increasing use of ransomware-as-a-service and geopolitical threats
• Provide a deep-dive into how we can adapt technically to new AI Threats.
• Explore what the future of AI-based threats looks like
• Explore how we can overcome the threats AI brings to the region to build a new strategy

– Milton Guerrero, CISO, HuntOil
.

This session explores:

• How an organisation built up their cyber strategy in preparation of a cyber attack
• Where and how a business case was built to help prevent against cyber attacks
• What a good incident response looks like in the context of an example of a cyber attack.
• How we can ensure we are best prepared for an attack through a comprehensive cyber program covering all aspects of our infrastructure
• What we can do to ensure we are best prepared for a cyber attack.

.
– Juan Pablo Sorensen, Security & Compliance Project Manager, Mercury Healthcare
.

In an increasingly connected and automated landscape, Operational Technology (OT) and Cyber-Physical Systems (CPS) environments face complex security challenges. This presentation proposes a strategic and proactive approach to transform vulnerabilities into opportunities for innovation, resilience, and competitive advantage.
.
– Tácito Santos, Cybersecurity Sales Specialist, NTT Data & Rodrigo Leal, Executive Manager of Telecommunications and OT Cybersecurity, AXIA Energia
.

This session will explore:

• Our approach to identifying critical vulnerabilities and developing a structured roadmap in implementing patch management
• Evaluating how AI and other automation tools can be used in effective OT vulnerability management
• How you can build your program from the ground up, contextualising risk for your business, and evolving beyond standard CVSS to a customised risk scoring
• The lessons learned from our experience in developing an OT Patch and Vulnerability management programme

– Thadeu Tourinho, Regional CISO, Tereos

The presentation discusses the main challenges faced by organisations in ISO/IEC 27001 certification, emphasising the importance of the standard for Information Security, the steps of the certification process and challenges such as senior management engagement and organisational awareness, offering practical tips to overcome them. The three main topics covered are:

• Importance of ISO/IEC 27001 for Information Security
• Steps of the Certification Process: Description of the phases an organisation should follow to obtain certification, from initial preparation to final audit.
• Challenges and Practical Tips: Discussion of common obstacles faced during certification and suggestions on how to overcome them.

.
– Eduardo Marsola do Nascimento, Head of OT Cybersecurity (Interim), Petrobras

Across plants, terminals, and utilities, OEMs and service vendors routinely set the terms for how they access operational technology—persistent VPNs, shared “support” accounts, unmanaged laptops, and cloud‑managed gateways that punch holes through carefully designed perimeters. Why do end clients accept this? The short answer is asymmetry: vendors hold the keys to uptime (and warranties), proprietary tooling, scarce field expertise, and “time‑to‑repair” metrics that dominate operational incentives. Over time, temporary exceptions become permanent architecture. This talk explains the business, contractual, and cultural forces that lead organizations to cede control—and the practical path to reclaim it without breaking SLAs or vendor relationships. We’ll map common access patterns and their failure modes, then show how to replace vendor‑dictated connectivity with client‑owned brokering: jump/bastion architectures, session brokerage with just‑in‑time access, MFA and ephemeral credentials, role‑based scoping, session recording, and tiered vendor risk models. We’ll pair the technical controls with procurement and legal levers: warranty‑safe requirements, access evidence delivery, “break‑glass” governance, incident‑response obligations, and clause language aligned to IEC 62443 and NIST SP 800‑82.
.
– Gabriel Diaz, Sr. Solutions Architect, Xona Systems

T1. The Evolution of Data Protection at the Regional Level
– Uilson Souza, Global Information Risk Lead, Mars
.
T2. Ensuring Our Supply Chains Remain Secure Against An Expanding Threat Landscape
– Ivan Athanazio, CISO, Universidade Federal Fluminense
.
T3. Building a Resilient OT Security Framework
– Daniel Morales, Automation Manager, Braskem
.

• Do National Governments need to do more in order to ensure the security of our critical infrastructure?
• What international standards can we follow in the face in addition to internal legislation in Latin American industry?
• To what extent do NIS2 and CISA set good fundamental guidelines to follow for LATAM companies?
• Does more need to be done throughout Latin America to build regulations? What standards should we follow in the meantime?
• Do we need more regulations or does compliance give us a false perception of security in our organisations?

– Moderator: Felipe Holanda Ribeiro, Information Security Compliance Officer, 3 Corações S/A
– Uilson Souza, Global Information Risk Lead, Mars
– Marcelo Assumpcao, Head of IT & OT Cyber Security, Elera Renovaveis
– Juan Pablo Sorensen, Security & Compliance Project Manager, Mercury Healthcare
.