Agenda 2026
| When | What | Who (click to read more) | Where |
|
11:00 - 12:00 |
Lunch and registration at Statkraft |
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
12:00 - 12:10 |
Welcome to the C2 Summit 2026! Welcome and intro to what we will be doing together the next few days. |
Robby Peralta & Pål S. Magnus |
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
12:10 - 12:50 |
Powering Europe’s future Europe’s energy demand is shifting, driven by electrification, geopolitical tension, and industrial transformation. Statkraft, as Europe’s largest producer of renewable energy, provides a strategic view of consumption trends, infrastructure expansion, and long-term capital requirements. Central to this transformation is cybersecurity: protecting generation, transmission, and digital control systems from disruption. This talk explores why energy security and cyber resilience must go hand in hand to support sustainable societal growth. |
Statkraft - TBA |
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
12:50 - 13:10 |
Break |
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
13:10 - 13:50 |
Russia’s next phase Tom Røseth is one of Norway’s leading experts on intelligence and Russian security policy. With a background spanning defence service, academic research, and frontline analysis of the war in Ukraine, he brings insight into how states think, adapt, and prepare for long-term confrontation. While headlines focus on daily battlefield developments, Russia is already studying this war, absorbing lessons, restructuring its forces, refining its intelligence methods, and preparing for what comes next. The talk will cover what Moscow is learning from Ukraine, how is it adapting its military and intelligence apparatus, and what this could mean for Europe’s security landscape over the next decade. In this presentation, Røseth moves beyond the news cycle to examine the strategic recalibration underway inside Russia, and the implications for NATO, Northern Europe, and the wider geopolitical balance. |
Associate Professor - The Norwegian Defence University College, Chief Instructor in Intelligence |
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
13:50 - 14:10 |
Break |
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
14:10 - 14:50 |
The new normal Janne Haaland Matlary is among Norway’s foremost scholars of international security and European strategic affairs. Her career spans academia, senior government service as State Secretary in the Ministry of Foreign Affairs, and advisory roles at the highest international levels. She combines rigorous strategic analysis with firsthand policy experience, offering insight shaped by both scholarship and statecraft. As Europe experiences prolonged war on its borders, intensifying great-power rivalry, and mounting pressure on democratic institutions, the question is no longer whether the security environment has changed, but how permanent that change is. The assumptions that shaped European defence, deterrence, and crisis management for three decades are being tested in real time. In this presentation, Matlary examines the structural shifts redefining Europe’s strategic environment, and outlines what political leadership, military posture, and societal resilience will require in the years ahead. Her talk will cover what enduring confrontation will mean for NATO and European defence planning, how democracies should think about power, sovereignty, and resilience in an era of strategic competition, and what defines “normal” in a security landscape shaped by war, hybrid threats, and systemic rivalry. |
Professor at University of Oslo and the Command and Staff College |
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
14:50 - 15:10 |
Break |
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
15:10 - 16:00 |
Cyber warfare in practice Michael Dugent brings frontline visibility into how cyber warfare is unfolding in the Russia–Ukraine war, not as theory, but as operational reality. Representing Nozomi Networks, a global leader in OT and critical infrastructure security, he works at the intersection of nation-state capability, industrial systems, and real-world resilience. While kinetic operations dominate headlines, the war has also become a proving ground for cyber operations targeting energy grids, telecommunications, logistics networks, and industrial control systems. These campaigns reveal how cyber effects are integrated with military strategy, shaping the battlefield, testing Western infrastructure, and refining future playbooks. In this session, Dugent moves from geopolitics to execution, distilling concrete technical and operational lessons from Ukraine and translating them into actionable guidance for defenders of critical infrastructure. His talk will cover what tactics have proven effective against critical infrastructure, how industrial control systems are being targeted, disrupted, and manipulated, and what lessons operators of energy, manufacturing, and public infrastructure should be taking from this conflict. |
Michael Dugent Global IoT Director at Nozomi Networks
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
16:00 - 16:15 |
Break |
|
|
|
16:15 - 16:55 |
What history reveals about today’s leaders After a day focused on infrastructure, hybrid threats, and geopolitical pressure, this closing conversation steps back to examine the individuals who shape world events. In dialogue with Robby Peralta, Jakob Naustdal of NRK’s Tyrann reflects on what history teaches us about authoritarian leadership, political ambition, and the recurring patterns of power. Drawing on his deep study of past rulers and regimes, Naustdal offers perspective on today’s global actors: how they consolidate influence, how they signal intent, and how democracies tend to underestimate them. The conversation explores whether we are witnessing familiar historical cycles, or something structurally different in the current era. |
|
Statkraft HQ Lilleakerveien 6A, 0283 Oslo |
|
17:30 - 21:30 |
The sea-based part of the summit with an evening cruise and dinner on the fjord For the evening activity, we’re delighted to invite you aboard the remarkable Brim Explorer. We’ll cruise silently through the Oslo Fjord, creating a unique setting for conversation, connection, and reflection. Dinner will be served on board, accompanied by what we hope will be great conversations and who knows, perhaps a little magic along the way. If you need to disembark before 21:30, an early exit option will be available halfway through the cruise. |
|
The Oslo Fjord on the boat Brim Explorer |
|
21:30 - |
Optional night cap For those who want to shake off their sea legs, we invite you to a last opportunity to network and enjoy the May evening at Ohdear Wine Bar. |
|
Oh Dear, Holmens gate 4, 0252 Oslo |
| When | What | Who (click to read more) | Where |
|
08:30 - 09:00 |
Registration |
|
Bygdøy allé 39, 0265 Oslo |
|
09:00 - 09:05 |
Welcome to the second day of the C2 Summit 2026 |
Robby Peralta & Pål S. Magnus |
Bygdøy allé 39, 0265 Oslo |
|
09:05 - 09:25 |
|
Tønnes Ingebrigtsen CEO, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
09:25 - 10:00 |
Locked Shields and Crossed Swords Following the CEO’s reflection, Oda Brath takes the stage to translate global instability into operational reality. Drawing on mnemonic’s participation in NATO’s Locked Shields and Crossed Swords exercises, she will share concrete lessons from the front lines of large-scale cyber defence simulations. Oda will explain what these exercises reveal about modern crisis response, where organisations typically fail, and what separates resilient teams from the rest. As Lead for Incident Readiness at mnemonic, she will outline what companies must prioritise now to strengthen preparedness, contribute to societal stability, and meet the demands of the years ahead. |
Oda Bruaset Brath Service Lead, Incident Readiness, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
10:00 - 10:20 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
10:20 - 11:00 |
|
Fred Streefland Global Field CISO, Check Point
|
Bygdøy allé 39, 0265 Oslo |
|
11:00 - 11.15 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
11.15 - 12:00 |
Experience sharing: Vulnerability management in practice Closing the morning session, three security leaders take the stage to discuss vulnerability management from markedly different operational realities. Representing a hybrid environment, a cloud-native organisation, and an OT-driven enterprise, they will share firsthand experiences from the front lines of risk reduction. The panel will move beyond theory to address what has actually worked, what has failed, and where assumptions break down in practice. How do you prioritise effectively? Where do programs stall? What creates measurable progress, and what only creates reporting? Expect a candid exchange grounded in operational lessons, hard trade-offs, and practical approaches to managing vulnerabilities across fundamentally different technology landscapes. |
Department Director, IT Division, Skatteetaten
Øyvind Bergerud Head of Security Operations, Storebrand
Knut Håkon Tolleshaug Mørch Director IT Architecture and Cybersecurity (CTO/CISO), TINE
|
Bygdøy allé 39, 0265 Oslo |
|
12:00 - 12:25 |
Bus to Holmenkollen |
|
Bygdøy allé 39, 0265 Oslo |
|
12:25 - 13:15 |
Lunch with a view at Pressesenteret
|
|
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
13:15 - 13:55 |
AI is transforming the enterprise, but it is also reshaping insider risk in ways many organisations have not yet fully considered. As businesses integrate AI and automation, workforce disruption and role uncertainty introduce new human stressors. At the same time, AI tools reduce the expertise required to extract, manipulate or exfiltrate sensitive data, and amplify the impact of a single insider action. This session reframes insider risk as a socio-technical challenge. Matt Cooke will explore how human factors and AI-enabled capability combine to increase risk exposure, where existing controls fall short, and how organisations can implement relevant, actionable data security measures that address both human and machine-assisted behaviours. The focus is practical: how to strengthen insider risk and data protection programmes in ways that reflect real workforce conditions and AI-enabled operating models. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
13:55 - 14:10 |
Break |
|
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
14:10 - 14:50 |
Adversary in action: Lessons from the field Following the strategic outlook on insider risk, renowned ethical hacker Rob Shapland brings the audience into the operational reality of modern intrusion tactics. Drawing on recent physical penetration tests, Rob will share firsthand accounts of how organisations are breached in practice, not just through technical exploits, but through human trust, process gaps, and real-world manipulation. He will also demonstrate how techniques associated with groups like Scattered Spider, such as targeted social engineering and help desk exploitation, are being adapted and refined to gain initial footholds. The session concludes with the core recommendations he delivers to clients: the specific controls, cultural shifts, and procedural changes that reduce exposure. Expect a direct, experience-driven perspective on how attackers think, and how organisations can close the gaps they routinely exploit. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
15:05 - 15:45 |
Securing the autonomous enterprise: Threats to AI and agentic systems To close the day, Eoin Wickens, Head of Threat Intelligence at HiddenLayer, will examine the emerging attack landscape targeting AI and agentic systems. Drawing on recent incidents observed across their client base, Eoin will outline how adversaries are probing, manipulating, and exploiting machine learning models and autonomous workflows. From model abuse to indirect prompt injection and system-level weaknesses, he will clarify where the real risks are materialising. The session will conclude with a practical view of how leading organisations are adapting, what defensive strategies are proving effective, which controls are being prioritised, and how security teams are evolving to protect AI-driven environments. A forward-looking end to a day focused on resilience in a rapidly shifting threat landscape. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
15:45 - 17.30 |
Your choice: Olympic precision or polar history To spark both body and mind, we invite you to choose between two unique experiences: Option 1: Step into the world of biathlon Get a taste of what the world’s best biathlon athletes experience together with Koll Biathlon at the iconic Oslo Olympic Arena. Challenge yourself, learn from the experts, and discover what it takes to combine precision, focus, and endurance. The session will be kept at a light and accessible level, well below the “break a sweat” threshold, so there’s no need to change clothes or plan for a shower afterwards. Just bring yourself and enjoy the experience. Option 2: A journey through Norway’s skiing heritage Enjoy a guided visit to the National Ski Museum in collaboration with Skiforeningen. Experience the dramatic and captivating story of Norway’s polar exploration history, and gain insight into Norway’s pivotal role in shaping modern cross-country and alpine skiing as we know it today. Whether you prefer physical activity or cultural inspiration, both options promise a memorable and distinctly Norwegian experience. |
|
Holmenkollen National Arena or the ski museum |
|
17:30 - 18:00 |
Bus transfer from Holmenkollen to Frognerseteren Restaurant |
|
|
|
18:00 - 22:30 |
Dinner and drinks at Frognerseteren / Storstua including a performance from author and storyteller Thor Gotaas. Guests will be welcomed with a drink and blinis. |
|
Holmenkollveien 200, 0791 Oslo |
|
21:00 and 22:30 |
We will have two return buses leaving Frognerseteren to Radisson Scandinavia. One bus leaving 21:00 and the second 23:00. |
|
|
| When | What | Who (click to read more) | Where |
|
08:30 - 09:00 |
Registration |
|
Bygdøy allé 39, 0265 Oslo |
|
09:00 - 09:05 |
Welcome and plan for the day |
Robby Peralta & Pål S. Magnus |
Bygdøy allé 39, 0265 Oslo |
|
09:05 - 09:40 |
Lay of the Land: 2026 and beyond It has been 12 months since our last review of the cybersecurity vendor landscape at the C2 Summit 2025. What structural shifts have defined the market over the past year, and which of them represent lasting change rather than short-term hype? How are consolidation, platformisation, and funding pressures reshaping the competitive dynamics among security vendors? How has the continued expansion of hyperscaler-native security capabilities influenced buying strategies? Are organisations moving further toward integrated cloud platform security, or does best-of-breed tooling still provide decisive advantages in specific domains? The AI-driven cybersecurity market has matured rapidly. Which AI-native security vendors are gaining real traction, and which use cases are proving operationally effective? What concrete AI-related risks, such as model exploitation, data leakage, autonomous agent abuse, and AI-enabled threat acceleration, are organisations now prioritising? Finally, how does mnemonic systematically assess, validate, and monitor emerging vendors and technologies in this evolving landscape to ensure clients receive resilient, future-oriented security guidance? |
|
Bygdøy allé 39, 0265 Oslo |
|
09:40 - 09:55 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
09:55 - 10:30 |
What should GRC actually mean in 2026? After years of regulatory expansion, accelerating digital transformation, and the operationalisation of AI, Governance, Risk and Compliance can no longer function as a reporting exercise. It must become a strategic capability. Anne Aune, Head of GRC at mnemonic, together with GRC Security Consultant Anders Olsen, examine how organisations need to rethink GRC in light of this new reality. Executive leadership is now expected to understand and communicate in the language of security, while mid-level management is measured not only on financial and quality KPIs, but increasingly on security performance. This shift requires a new capability: translating technical findings from platforms such as security tools and applications into business-relevant insight and actionable management decisions. Many leadership teams recognise that security is a priority, yet struggle with where to start. That uncertainty is driving fundamental changes in how security governance and advisory services are delivered. In this session, the speakers outline how governance and risk functions are evolving, what this means for management teams, and how security leadership is likely to develop in the coming years. While AI will influence this evolution, the focus remains on the structural and organisational transformation redefining modern security governance. |
and Anders Hval Olsen Team Leader and Security Consultant, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
10:30 - 10:45 |
|
|
Bygdøy allé 39, 0265 Oslo |
|
10:45 - 11.30 |
TBA |
|
Bygdøy allé 39, 0265 Oslo |
|
11.30 - 12:30 |
Lunch at Kolonihagen |
|
|
|
12:30 - 13:10 |
TBA |
|
Bygdøy allé 39, 0265 Oslo |
|
13:10 - 13:25 |
Break
|
|
Bygdøy allé 39, 0265 Oslo |
|
13:25 - 14:00 |
AI in the SOC: What we’ve learned from building an agentic triage assistant Roger Storløkken is a Principal MDR Strategist at mnemonic, but also a former CISO and Head of Incident Response. In this talk, he will share practical lessons from building and deploying an agentic AI triage assistant inside a real-world SOC. What problems does it genuinely solve? Where does human judgment remain irreplaceable? How do you avoid introducing new operational or security risks while trying to increase efficiency? This session focuses on applied experience, architecture choices, governance considerations, measurable impact, and the limitations discovered along the way. For organisations exploring AI in detection and response, this is a grounded look at what it takes to move from concept to capability. |
Roger Storløkken Senior Security Consultant, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
14:00 - 14:50 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
14:10 - 14:50 |
Hidden Dragon - A Thriving Chinese Fraud Ecosystem In this session, Merrill will unveil the operational structure of one of the largest known Chinese-language smishing syndicates. Participants will gain insight into how these actors engineer and sustain sprawling fraud campaigns via modular phishing kits, exploit SMS/RCS/iMessage platforms, and monetise stolen credentials through digital wallet provisioning and cryptocurrency flows. The talk includes technical kit analysis, infrastructure mapping, and defensive takeaways for abuse teams. |
Bygdøy allé 39, 0265 Oslo |
|
|
14:50 - 15:00 |
Thanks for now! |
|
Bygdøy allé 39, 0265 Oslo |