While many of my colleagues are still digesting RSA, I finally had the time to sit down and gather my thoughts on this year’s InCyber Forum taking place in Lille, France. This was my first time visiting as one of over 20,000 visitors from over 100 countries. This conference has started to gain well-deserved international recognition for its valuable insights and the international nature of its attendees. Anyone who is afraid that this conference is solely for French speakers should know that there are headphones in order to translate the talks to English. In addition, vendor staff at the booths are fluent in multiple languages.

While artificial intelligence dominated a lot of conversations at this year’s Forum, the talk of the town revolved around European cybersecurity regulations. Here were some of the key trends that I noticed from the conference:

  • There’s a significant European focus on IAM and digital identity. The InCyber Forum revealed that CISOs are prioritizing identity and access management (IAM) as a top focus for 2024, driven by the NIS2 Directive and eIDAS 2.0 regulations. This prioritization of IAM by CISOs is consistent with Forrester’s most recent Security Survey data. Vendors at InCyber showcased advanced multifactor authentication solutions, e-wallet offerings, and blockchain technologies for decentralized identity, and several talks highlighted the role that IAM solutions play in detecting and responding to cyberthreats. In an interconnected world, cybersecurity is increasingly identity-centric, emphasizing “who” is accessing “what,” particularly in hybrid environments. The shift to identity security introduces significant challenges, such as a lack of global visibility across different platforms and the cloud. Several vendors discussed an “identity-first” strategy, which focuses on maintaining a unified view of identities, accounts, and associated authorizations and on methods to detect suspicious behavior and recommend actions, with AI seen as having a key influence.
  • Sustainability in cybersecurity has so far been an afterthought. Cybersecurity practitioners don’t often think about sustainability all that much when they make their technology purchases. Cybersecurity software and service providers also have an impact here, but we often don’t consider these as part of sustainability efforts or as part of the sourcing conversation for CISOs. Recognizing this challenge, companies such as SPIE and Wavestone are developing tools to identify cybersecurity solutions’ contributions to meeting corporate sustainability goals. These tools provide valuable insights, enabling businesses to make well-considered choices that align with their sustainability strategies without compromising on security.
  • The Forum is making a significant effort to help students enter the field. On the final day of the event, the Forum blossomed into a dynamic job market, offering students the opportunity to interact with leading companies and professionals on the conference floor. A recruiter noted that, in the fierce competition for talent, companies must seek innovative recruitment methods such as scouting and hiring at cyberconferences, which InCyber Forum provides. One student expressed that the direct contact with professionals helped significantly by bypassing the usual online recruitment channels. During the conference, a panel underscored the collective need to address the cybersecurity talent shortage. The European Cyber Security Organisation (ECSO) introduced its Road2Cyber initiative, a collaboration with the Women4Cyber Foundation. An initiative for both immediate and long-term talent development, Road2Cyber unites private initiatives aimed at retraining the European workforce, recruiting talent, and connecting industries, universities, job seekers, and recruiters while promoting activities such as training and cyber range providers.

During the conference, I had interesting discussions about the evolution of OT and IOT security with Airbus, Schneider Electric, and Siemens; the importance of identity and access governance with Wallix; and the future of identity and access management and identity as a fundamental right with IN Groupe. I also visited the Live Bug Bounty event from YesWeHack. YesWeHack is an organization that connects companies to tens of thousand of bug hunters to uncover and patch vulnerabilities in websites, mobile apps, connected devices, and digital infrastructure. This makes YesWeHack one of the biggest “white hat” communities.

In 2025, the InCyber Forum will once again take over the Lille Grand Palais with the theme of Zero Trust. I look forward to attending next year!