Agenda 2026
| When | What | Who | Where |
|
11:00 - 12:00 |
Lunch and registration at Statkraft |
|
Lilleakerveien 4E, 0283 Oslo |
|
12:00 - 12:10 |
Welcome to the C2 Summit 2026! Welcome and intro to what we will be doing together the next few days. |
Robby Peralta & Pål S. Magnus |
Lilleakerveien 4E, 0283 Oslo |
|
12:10 - 12:50 |
Powering Europe’s future Europe’s energy demand is shifting, driven by electrification, geopolitical tension, and industrial transformation. Statkraft, as Europe’s largest producer of renewable energy, provides a strategic view of consumption trends, infrastructure expansion, and long-term capital requirements. Central to this transformation is cybersecurity: protecting generation, transmission, and digital control systems from disruption. This talk explores why energy security and cyber resilience must go hand in hand to support sustainable societal growth. |
Einar Winther-Larssen VP Process Control, Statkraft Torbjørn Olsen VP Energy Management Nordics, Statkraft |
Lilleakerveien 4E, 0283 Oslo |
|
12:50 - 13:10 |
Break |
|
Lilleakerveien 4E, 0283 Oslo |
|
13:10 - 13:50 |
Russia’s next phase Tom Røseth is one of Norway’s leading experts on intelligence and Russian security policy. With a background spanning defence service, academic research, and frontline analysis of the war in Ukraine, he brings insight into how states think, adapt, and prepare for long-term confrontation. While headlines focus on daily battlefield developments, Russia is already studying this war, absorbing lessons, restructuring its forces, refining its intelligence methods, and preparing for what comes next. The talk will cover what Moscow is learning from Ukraine, how it is adapting its military and intelligence apparatus, and what this could mean for Europe’s security landscape over the next decade. In this presentation, Røseth moves beyond the news cycle to examine the strategic recalibration underway inside Russia, and the implications for NATO, Northern Europe, and the wider geopolitical balance. |
Associate Professor - The Norwegian Defence University College, Chief Instructor in Intelligence |
Lilleakerveien 4E, 0283 Oslo |
|
13:50 - 14:10 |
Break |
|
Lilleakerveien 4E, 0283 Oslo |
|
14:10 - 14:50 |
The new normal Janne Haaland Matlary is among Norway’s foremost scholars of international security and European strategic affairs. Her career spans academia, senior government service as State Secretary in the Ministry of Foreign Affairs, and advisory roles at the highest international levels. She combines rigorous strategic analysis with firsthand policy experience, offering insight shaped by both scholarship and statecraft. As Europe experiences prolonged war on its borders, intensifying great-power rivalry, and mounting pressure on democratic institutions, the question is no longer whether the security environment has changed, but how permanent that change is. The assumptions that shaped European defence, deterrence, and crisis management for three decades are being tested in real time. In this presentation, Matlary examines the structural shifts redefining Europe’s strategic environment, and outlines what political leadership, military posture, and societal resilience will require in the years ahead. Her talk will cover what enduring confrontation will mean for NATO and European defence planning, how democracies should think about power, sovereignty, and resilience in an era of strategic competition, and what defines “normal” in a security landscape shaped by war, hybrid threats, and systemic rivalry. |
Professor at University of Oslo and the Command and Staff College |
Lilleakerveien 4E, 0283 Oslo |
|
14:50 - 15:05 |
Break |
|
Lilleakerveien 4E, 0283 Oslo |
|
15:05 - 15:55 |
Cyber warfare in kinetic war zones Our speakers will bring frontline visibility into how cyber warfare is unfolding in the Russia–Ukraine war, not as theory, but as operational reality. While kinetic operations dominate headlines, the war has also become a proving ground for cyber operations targeting energy grids, telecommunications, logistics networks, and industrial control systems. These campaigns reveal how cyber effects are integrated with military strategy, shaping the battlefield, testing Western infrastructure, and refining future playbooks. Representing Nozomi Networks, a global leader in OT and critical infrastructure security, Michael Dugent leads Nozomi Networks’ efforts supporting Ukraine. His work is at the intersection of nation-state capability, industrial systems, and real-world resilience, and he’ll start the presentation by defining the unique risks in Cyber Physical environments and breaking down the anatomy of modern Cyber Physical attacks. From there, we’ll move from tactics and geopolitics to execution, as Michael will be joined by Dmytro Doronin, CISO of Ukraine’s largest hydropower generation company, Ukrhydroenergo, and Olha Novak, who leads project implementation efforts in critical infrastructure for IoT/OT cybersecurity focused integrator Bakotech. Dmytro and Olha will provide unique visibility into the evolution of a critical infrastructure cyber program under unprecedented combined cyber and kinetic assault, and the session will close with Michael interviewing Dmytro and Olha about their experiences – and how Ukraine’s allies can support their efforts. |
Michael Dugent Global IoT Director at Nozomi Networks
Dmytro Doronin CISO, Ukrhydroenergo | Ukraine’s largest hydropower-generating company
Olha Novak Security Engineer, Bakotech | System integrator in Ukraine |
Lilleakerveien 4E, 0283 Oslo |
|
15:55 - 16:15 |
Break |
|
|
|
16:15 - 16:55 |
What history reveals about today’s leaders After a day focused on infrastructure, hybrid threats, and geopolitical pressure, this closing conversation steps back to examine the individuals who shape world events. In dialogue with Robby Peralta, Jakob Naustdal of NRK’s Tyrann reflects on what history teaches us about authoritarian leadership, political ambition, and the recurring patterns of power. Drawing on his deep study of past rulers and regimes, Naustdal offers perspective on today’s global actors: how they consolidate influence, how they signal intent, and how democracies tend to underestimate them. The conversation explores whether we are witnessing familiar historical cycles, or something structurally different in the current era. |
|
Lilleakerveien 4E, 0283 Oslo |
|
17:30 - 21:00 |
The sea-based part of the summit with an evening cruise and dinner on the fjord For the evening activity, we’re delighted to invite you aboard the remarkable Brim Explorer. We’ll cruise silently through the Oslo fjord, creating a unique setting for conversation, connection, and reflection. Dinner will be served on board, accompanied by what we hope will be great conversations and who knows, perhaps a little magic along the way. If you need to disembark before 21:00, an early exit option will be available halfway through the cruise. |
|
The Oslo Fjord on the boat Brim Explorer |
|
21:00 - |
Optional nightcap For those who want to shake off their sea legs, we invite you to a last opportunity to network and enjoy the May evening at Oh Dear wine bar. |
|
Oh Dear, Holmens gate 4, 0252 Oslo |
| When | What | Who | Where |
|
08:30 - 09:00 |
Registration |
|
Bygdøy allé 39, 0265 Oslo |
|
09:00 - 09:05 |
Welcome to the second day of the C2 Summit 2026 |
Robby Peralta & Pål S. Magnus |
Bygdøy allé 39, 0265 Oslo |
|
09:05 - 09:25 |
|
Tønnes Ingebrigtsen CEO, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
09:25 - 10:00 |
Lay of the land: 2026 and beyond This is the fourth edition of this session, providing an update on how the cybersecurity landscape continues to evolve. Over the past year, the market has seen significant growth in vendors, platforms, and particularly AI-driven security capabilities, with a pace that challenges many organisations’ ability to adapt. The session will focus on three critical shifts: First, the accelerating race between vulnerability discovery and exploitation, where the time between identification and active use is rapidly decreasing. Second, the maturation of AI security and governance as an operational discipline, shaped by emerging risks such as shadow AI. And third, the increasing importance of developer environments as a primary attack surface, driven by supply chain threats and AI-assisted development. |
André Holvik Product Manager, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
10:00 - 10:20 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
10:20 - 11:00 |
|
Fred Streefland Global Field CISO, Check Point
|
Bygdøy allé 39, 0265 Oslo |
|
11:00 - 11:15 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
11:15 - 12:00 |
Experience sharing: Vulnerability management in practice Closing the morning session, three security leaders take the stage to discuss vulnerability management from markedly different operational realities. Representing a hybrid environment, a cloud-native organisation, and an OT-driven enterprise, they will share firsthand experiences from the front lines of risk reduction. The panel will move beyond theory to address what has actually worked, what has failed, and where assumptions break down in practice. How do you prioritise effectively? Where do programs stall? What creates measurable progress, and what only creates reporting? Expect a candid exchange grounded in operational lessons, hard trade-offs, and practical approaches to managing vulnerabilities across fundamentally different technology landscapes. |
Department Director, IT Division, Skatteetaten
Øyvind Bergerud Head of Security Operations, Storebrand
Knut Håkon Tolleshaug Mørch Director IT Architecture and Cybersecurity (CTO/CISO), TINE
|
Bygdøy allé 39, 0265 Oslo |
|
12:00 - 12:25 |
Bus to Holmenkollen |
|
Bygdøy allé 39, 0265 Oslo |
|
12:25 - 13:15 |
Lunch with a view at Pressesenteret
|
|
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
13:15 - 13:55 |
Insider risk in 2026: Humans, agents, and the new control paradigm After lunch, Matt Cooke, Director of Cybersecurity Strategy at Proofpoint, takes the stage to examine how insider risk programs must evolve for 2026 and beyond. As organisations integrate AI and increasingly autonomous, agentic capabilities into everyday systems, the definition of “insider” is expanding. Matt will explore how traditional insider risk models, built around human behavior, must adapt to address both typical users and machine-driven actors operating with delegated access and decision-making authority. The session will outline how existing technologies can be leveraged more effectively, where new controls are required, and which governance mechanisms must be introduced to manage emerging risks. Expect a forward-looking perspective on how to engineer insider risk programs that remain resilient as IT vendors embed AI and agentic functionality across the enterprise stack. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
13:55 - 14:10 |
Break |
|
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
14:10 - 14:50 |
Adversary in action: Lessons from the field Following the strategic outlook on insider risk, renowned ethical hacker Rob Shapland brings the audience into the operational reality of modern intrusion tactics. Drawing on recent physical penetration tests, Rob will share firsthand accounts of how organisations are breached in practice, not just through technical exploits, but through human trust, process gaps, and real-world manipulation. He will also demonstrate how techniques associated with groups like Scattered Spider, such as targeted social engineering and help desk exploitation, are being adapted and refined to gain initial footholds. The session concludes with the core recommendations he delivers to clients: the specific controls, cultural shifts, and procedural changes that reduce exposure. Expect a direct, experience-driven perspective on how attackers think, and how organisations can close the gaps they routinely exploit. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
14:50 - 15:05 |
Break |
|
|
|
15:05 - 15:45 |
Securing the autonomous enterprise: Threats to AI and agentic systems To close the day, Eoin Wickens, Head of Threat Intelligence at HiddenLayer, will examine the emerging attack landscape targeting AI and agentic systems. Drawing on recent incidents observed across their client base, Eoin will outline how adversaries are probing, manipulating, and exploiting machine learning models and autonomous workflows. From model abuse to indirect prompt injection and system-level weaknesses, he will clarify where the real risks are materialising. The session will conclude with a practical view of how leading organisations are adapting, what defensive strategies are proving effective, which controls are being prioritised, and how security teams are evolving to protect AI-driven environments. A forward-looking end to a day focused on resilience in a rapidly shifting threat landscape. |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
|
15:50 - 16:30 |
How Nordmarka shaped a nation on skis What can a forest, a hill, and a pair of skis tell us about a nation? In this inspiring session, celebrated Norwegian cultural historian Thor Gotaas takes the audience into Holmenkollen and Nordmarka, the iconic landscapes that helped define Norway’s identity and launch skiing onto the world stage. Blending history, culture, and human insight, he reveals how skiing evolved in Nordmarka, how it spread globally, and why outdoor life remains essential for mental well-being in a digital, sedentary, high-pressure age. A compelling talk about movement, meaning, and the enduring value of nature. |
Thor Gotaas Folklorist and author |
https://maps.app.goo.gl/L7eVc8xz5mR5Bc627 |
|
16:30 - 18:15 |
Your choice: Olympic precision or polar history To spark both body and mind, we invite you to choose between two unique experiences: Option 1: Step into the world of biathlon Get a taste of what the world’s best biathlon athletes experience together with Koll Biathlon at the iconic Oslo Olympic Arena. Challenge yourself, learn from the experts, and discover what it takes to combine precision, focus, and endurance. The session will be kept at a light and accessible level, well below the “break a sweat” threshold, so there’s no need to change clothes or plan for a shower afterwards. Just bring yourself and enjoy the experience. Option 2: A journey through Norway’s skiing heritage Enjoy a guided visit to the National Ski Museum in collaboration with Skiforeningen. Experience the dramatic and captivating story of Norway’s polar exploration history, and gain insight into Norway’s pivotal role in shaping modern cross-country and alpine skiing as we know it today. Whether you prefer physical activity or cultural inspiration, both options promise a memorable and distinctly Norwegian experience. |
|
Holmenkollen National Arena or the ski museum |
|
18:15 - 18:30 |
Bus transfer from Holmenkollen to Frognerseteren Restaurant |
|
|
|
18:30 - 22:30 |
Dinner and drinks at Frognerseteren / Storstua |
|
Holmenkollveien 200, 0791 Oslo |
|
21:00 and 23:00 |
We will have two return buses from Frognerseteren to Radisson Scandinavia: one leaving at 21:00 and the second at 23:00. |
|
|
| When | What | Who | Where |
|
08:30 - 09:00 |
Registration |
|
Bygdøy allé 39, 0265 Oslo |
|
09:00 - 09:05 |
Welcome and plan for the day |
Robby Peralta & Pål S. Magnus |
Bygdøy allé 39, 0265 Oslo |
|
09:05 - 09:40 |
Locked Shields and Crossed Swords Drawing on mnemonic’s participation in NATO’s Locked Shields and Crossed Swords exercises, Oda will share concrete lessons from the front lines of large-scale cyber defence simulations. She will explain what these exercises reveal about modern crisis response, where organisations typically fail, and what separates resilient teams from the rest. As Lead for Incident Readiness at mnemonic, she will outline what companies must prioritise now to strengthen preparedness, contribute to societal stability, and meet the demands of the years ahead. |
Oda Bruaset Brath Service Lead, Incident Readiness, mnemonic
Ulrik Sagelvmo Governance, Risk and Compliance Consultant, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
09:40 - 09:55 |
Break |
|
Bygdøy allé 39, 0265 Oslo |
|
09:55 - 10:30 |
What should GRC actually mean in 2026? After years of regulatory expansion, accelerating digital transformation, and the operationalisation of AI, Governance, Risk and Compliance can no longer function as a reporting exercise. It must become a strategic capability. Anne Aune, Head of GRC at mnemonic, together with GRC Security Consultant Anders Olsen, examines how organisations need to rethink GRC in light of this new reality. Executive leadership is now expected to understand and communicate in the language of security, while mid-level management is measured not only on financial and quality KPIs, but increasingly on security performance. This shift requires a new capability: translating technical findings from platforms such as security tools and applications into business-relevant insight and actionable management decisions. Many leadership teams recognise that security is a priority, yet struggle with where to start. That uncertainty is driving fundamental changes in how security governance and advisory services are delivered. In this session, the speakers outline how governance and risk functions are evolving, what this means for management teams, and how security leadership is likely to develop in the coming years. While AI will influence this evolution, the focus remains on the structural and organisational transformation redefining modern security governance. |
Anders Hval Olsen Team Leader and Security Consultant, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
10:30 - 10:45 |
|
|
Bygdøy allé 39, 0265 Oslo |
|
10:45 - 11:15 |
Vibe coding and offensive security these days After discovering a now-fixed security misconfiguration in a telco network, Norwegian broadcaster NRK and mnemonic's Harrison Sand found that it was possible to determine the real-time location of customers of the telco provider within a few hundred meters. During the presentation, Harrison will share how he found the vulnerability, how it worked, and what it reveals about the broader state of offensive security these days. He will also highlight the importance of examining complex systems, and how AI tools are changing the way security researchers approach this work, as they both speed up the research process and lower the barrier for people to carry out this kind of research. |
Harrison Sand Offensive Security Researcher, mnemonic |
Bygdøy allé 39, 0265 Oslo |
|
11:15 - 12:15 |
Lunch at Kolonihagen and Brasserie Ouest |
|
|
|
12:15 - 13:45 |
Experience sharing: LLMs and agentic systems in production In this session we will hear from multiple organizations regarding their experience with LLMs and agentic systems. AI in the SOC: What we’ve learned from building an agentic triage assistant Roger Storløkken is a Principal MDR Strategist at mnemonic, but also a former CISO and Head of Incident Response. He will share practical lessons from building and deploying an agentic AI triage assistant inside mnemonic. What problems does it genuinely solve? Where does human judgment remain irreplaceable? How do you avoid introducing new operational or security risks while trying to increase efficiency? This session focuses on applied experience, architecture choices, governance considerations, measurable impact, and the limitations discovered along the way. Agentic systems within the Norwegian Oil Fund NBIM has been on an ambitious AI journey over the past three years. Stian will share how the organization positioned itself to fully embrace AI, from building platform foundations and guardrails to driving adoption across teams. Practical lessons for anyone navigating the same path. Detection engineering in DNB Senior Vice President and Engineering Manager Truls Hagen shares how DNB is evolving detection engineering by integrating LLMs and agent-based systems into their security workflows. This session explores how DNB is experimenting with AI to assist in writing, validating, and tuning detections - reducing manual effort while increasing coverage. Truls will walk through where LLMs provide real value today, such as accelerating detection development and improving context enrichment, and where they still fall short. Incident response in Storebrand Lead Detection Engineer Eirik Sveen presents how Storebrand is modernising incident response by combining automation, detection engineering, and AI-assisted workflows. 
Eirik will walk through what Storebrand has actually built to improve response speed and consistency, including how alerts are triaged, enriched, and escalated. The session highlights how automation and AI are used to support, not replace, analyst decision-making during active incidents. |
Roger Storløkken Senior Security Consultant, mnemonic
Stian Hagbø Olsen Senior Security Engineer, NBIM
Truls Hagen Senior Vice President Engineering Manager - Cyber Defence Center, DNB
Eirik Sveen Lead Detection Engineer, Storebrand |
Bygdøy allé 39, 0265 Oslo |
|
13:45 - 14:00 |
Break
|
|
Bygdøy allé 39, 0265 Oslo |
|
14:00 - 14:50 |
Hidden Dragon: A thriving Chinese fraud ecosystem In this session, Merrill will unveil the operational structure of one of the largest known Chinese-language smishing syndicates. Participants will gain insight into how these actors engineer and sustain sprawling fraud campaigns via modular phishing kits, exploit SMS/RCS/iMessage platforms, and monetise stolen credentials through digital wallet provisioning and cryptocurrency flows. The talk includes technical kit analysis, infrastructure mapping, and defensive takeaways for abuse teams. |
Ford Merrill Sr. Director, Research & Innovation |
Bygdøy allé 39, 0265 Oslo |
|
14:50 - 15:00 |
Thanks for now! |
|
Bygdøy allé 39, 0265 Oslo |