Agenda

• What does security- by-design look like within OT environments when managing legacy systems alongside new infrastructure?
• How can we foster stronger collaboration between IT and OT teams to implement a unified, security-first architecture without compromising system availability?
• What governance structures are necessary to embed security by design across OT projects? How can we ensure compliance while implementing the necessary infrastructure?
• With evolving threats and regulations, how can we ensure that security-by-design overcomes common business challenges?
• What role should CISOs play in shaping organisational culture and workforce training to ensure security is considered a fundamental part of engineering and operations in OT environments?
• How can we best build a secure-by-design approach that ensures our organisations are best protected from new cyber threats?

– Moderator: Thadeu Tourinho, Head of Cybersecurity – Brazil, Tereos
– Alexandre Lattaro, BISO, Kenvue
– Felipe Bonomo, CISO, Alpargatas S.A.
– Paulo Paes, Enterprise Account Executive, Iberia, and Brazil, Acronis
– Danilo Cabrini, Head of Electrical Instrumentation and Automation, BP Bioenergy
.

ISA/IEC 62443 as the international standard for cybersecurity in industrial systems, reinforcing processes, policies, and technical controls for protection and compliance. It demonstrates that the approach should be integrated, involving technology, processes, and people to ensure resilience and minimize risks. The importance of adapting measures to the specific needs of each operation and promoting continuous improvement is emphasized.

• Modular structure covering governance, policies, risk assessment, access control, integrity, and compliance.
• Security-by-Design and Defense-in-Depth principles to protect critical assets throughout the entire lifecycle.
• Continuous, tailored adoption according to the organization’s operational profile and evolving threats, engaging training and professional responsibility.

– Erik Faustino Maran, Cybersecurity Director and ISA/IEC 62443 Instructor, Westcon
.

Drawing from real-world experience securing critical energy infrastructure across multiple global regions, the session will address:

• The main emerging risks from industrial hyperconnectivity: legacy system exposure, lateral movement, Cloud dependencies, and visibility loss.
• The danger of applying traditional IT frameworks to environments where physical processes and real-time operations are at stake.
• The need for clear governance, modular and segmented security architectures, and adaptive strategies that do not block innovation.
• How to turn today’s risks—connectivity, cloud services, smart devices—into part of the solution by enabling operational resilience, automated defences, and more effective incident response.

– Christian Soto Cerda, Global Head of Technology and Cybersecurity, Mainstream Renewable Power
.

In this panel, Fernando Correa, CEO of Securityfirst, and Danilo Souza, Head of the Information Security Division at Bank of China (Brazil) Banco Múltiplo, discuss the challenges of strategic information security planning. They present the planning methodology developed by Securityfirst, as well as the significant difference between compliance and true maturity, highlighting the contrast between these two approaches and the cultural challenges encountered in achieving synergy among the organization’s internal areas.
.
Fernando Correa, CEO, Security First & Danilo Souza, Head of Information Security Division, Bank of China (Brazil) Banco Múltiplo

This session will explore:

• How we can communicate ROI, cost savings, and risk mitigation to stakeholders when making the business case for cyber
• Where we can implement approaches for integrating and securing outdated OT assets utilising AI.
• Understanding where AI can help add real value to our organisation’s cyber strategy
• A real-world case study of how AI deployment can support a business case for cyber and its measurable benefits

– Renata Valente de Araújo, Industrial Cyber Security Specialist, Braskem
.

This session will establish a framework for:

• A roadmap for the best policies to implement to ensure our OT environments remain safe
• How we can embed security early into systems, processes, and infrastructure—not as an afterthought
• Establishing the core principles of a converged architecture – including visibility, segmentation, zero trust, and unified threat detection
• How a converged IT-OT SOC can strengthen your cyber security outlook
• The importance of a comprehensive audit in building a robust security system

– Marcelo Assumpcao, Head of IT & OT Cyber Security, Elera Renováveis

.

This session will explore:

• How we can make IAM work in OT environments
• What a good IAM architecture looks like to fit OT
• The importance of establishing roles and responsibilities in our IAM strategies
• Why collaboration is important in our strategies for Identity Access Management in OT environments
• How we can best manage identities and secure privileged access in the OT environment, and ensure a good strategy for IAM in OT environments.

– Amaro Neto, CISO, Hospital Ernesto Dornelles
.

In this workshop, we will explore whether it is possible—and how—to make the management of realistic OT cyber risk scenarios the driving force behind achieving higher levels of maturity and compliance with key cyber security frameworks such as NIST CSF, IEC 62443, ISO 27001, NIS2, and others. The goal is to examine how scenario-based risk management enables targeted control implementation, measurable progress within maturity models, and a practical path toward regulatory alignment. Through a collaborative exercise using real-world OT threats, participants will be invited to discuss the central challenge: can we truly build a meaningful bridge between operational risk, cyber security strategy, and compliance outcomes?
.
– Marcelo Gianetti, Cyber Security OT Manager LATAM, Kenvue
.

This session explores:

• What are the most significant threats we face today? How will these threats evolve to present new challenges for the future of cyber security in Latin America?
• How do current geopolitical tensions and trade wars exacerbate the current challenges our organisations face? Do they?
• What a good incident response looks like in the context of an example of a cyber attack.
• Moving forward, how will AI, Quantum Computing and other new technologies exacerbate the threats of today? What new threats will they create for our organisations?
• What can we do to ensure our organisations are best positioned to deal with the threats of tomorrow?
• How can we learn lessons from today to stay secure tomorrow?

– Moderator: Leandro Ribeiro, CISO, Hospital Sírio-Libanês
– Panellist: Gleison Baioco, Cyber Security Coordinator, ArcelorMittal
– Panellist: Igor Gutierrez, ISO & DPO, B. GROB do Brasil S.A.

• How can public-private partnerships, information sharing platforms, and threat intelligence sharing initiatives specific to critical national infrastructure protection can help inform our cyber strategies?
• Why is collaboration important for our cyber security?
• What are some good examples of partnerships from across the globe that help to foster an environment of security?
• How can we establish trust, overcome legal and regulatory challenges, and foster an environment of cooperation among government agencies, industry sectors, and cyber security experts?
• How can we develop shared insights into effective collaborative approaches?
• How can collective efforts between organisations lead to a stronger OT security posture through both our organisations and society?

– Daniel Maier de Carvalho, General-Coordinator of the CTIR Gov., Institutional Security Office of the Presidency of Brazil
.