Program - Spring ITAPA 2026
The European Union is preparing a major revision of the Cybersecurity Act (Cybersecurity Act 2.0), which could significantly reshape the digital market, certification processes, and cybersecurity regulations across Europe. The new framework will no longer focus solely on technical standards, but will also address strategic autonomy, supply chain trustworthiness, and non-technical risks related to the origin of technologies and manufacturers. What role will ENISA play? How will European certification evolve, and what impact will the new rules have on governments, critical infrastructure, and the private sector? And where is the line between cybersecurity protection and the emerging geopolitics of technology?
Today, national resilience means more than just protecting information systems. Critical infrastructure, government digital services, energy, transportation, and communications are increasingly dependent on technology while also becoming more exposed to cyber threats. The European Union is therefore tightening requirements for critical infrastructure protection, risk management, and national crisis preparedness. The discussion will focus on the relationship between critical infrastructure protection, cybersecurity, and cyber defense. How can the continuity of essential government services be ensured during incidents or crises?
Growing regulatory requirements are placing increasing demands on organizations, many of which lack sufficient financial and human resources. According to surveys, only a small fraction of organizations consider their preparedness for new obligations to be adequate, with regulations becoming a significant source of pressure on IT and security management. This session will focus on identifying the minimum viable measures needed to meet legislative requirements and practical approaches to effective implementation—even within a limited budget. It will present risk prioritization and pragmatic strategies for leveraging existing resources.
Július Selecký, ESET
We’ll announce the name of the speaker you can meet soon.
Ferdinand Vavrík, Ministry of Finance of Slovak Republic
Both European and Slovak regulators are responding to mounting cyber threats through a dynamic expansion of legislation. Alongside the NIS2 Directive, the AI Act is entering into force with the potential for significant penalties; the first deadlines under the Cyber Resilience Act (CRA) are beginning to lapse, and a revision of the Cybersecurity Act (CSA) is underway. Simultaneously, indirect interventions into the NIS2 framework are occurring. This session will provide an overview of the European and Slovak cybersecurity legislative structure, explain its context and internal logic, and identify the primary impacts on compliance management. It will also focus on expected developments and the practical challenges organizations will face in the near future.
Radoslav Repa, National Security Authority
AI agents are emerging as a new class of "digital workers"—tireless, scalable, and increasingly empowered to act without direct human intervention. However, this very autonomy fundamentally reshapes organizational security models and introduces entirely new classes of risk. Beyond legitimate use, agentic AI is becoming a potent tool for adversaries, enabling the automation of reconnaissance, social engineering, attack generation, and the bypassing of security mechanisms at unprecedented scale and speed. A featured case study will demonstrate how a beneficial tool can transform into an active threat vector the moment autonomy outpaces control mechanisms. This session will focus on emerging threats associated with AI agent deployment, their exploitation in offensive scenarios, and strategies for managing these risks—from permission mapping and oversight to implementing security frameworks for agentic systems.
PARTNER OF THE PANEL IS COMPANY CHECKPOINT
Juraj Jánošík, ESET
Tomáš Vobruba, Check Point
Current cybersecurity legislation has generated a significant demand for professional capacity - estimates suggest a need for more than 10,000 cybersecurity managers. However, the actual number of experts is currently only in the hundreds. Consequently, cybersecurity in many organizations is managed either formally or insufficiently. This session will address the root causes of this misalignment between regulation and real-world capacity, its impact on organizations, and potential solutions. It will present approaches to effective security management amidst expert shortages, including options for shared capacity, outsourcing, and internal competency development. The discussion will also explore systemic measures required to address this situation at both the market and public policy levels.
Maximilián Strémy, Slovak University of Technology in Bratislava
The year 2026 marks a pivotal milestone in the field of cybersecurity. Post-quantum cryptography (PQC) is progressively moving from academic theory into practical application, as the anticipated arrival of quantum computers (the so-called "Q-Day") pressures organizations to protect sensitive data well in advance. This session will focus on the practical implications of this transformation—specifically the need for crypto-agility: the ability of organizations to flexibly change and update cryptographic mechanisms without major disruptions to their infrastructure. It will present the current state of standardization, migration strategies to PQC, and demonstrate why preparedness for these changes is becoming not only a security necessity but also a significant competitive advantage.
Ľubomír Labanc, IBM Slovakia
We’ll announce the name of the speaker you can meet soon.
Today, a cyber incident in the public sector is no longer merely a technical problem or an IT system outage. It can paralyze public services, disrupt financial processes, compromise citizens’ sensitive data, and undermine trust in government. The resilience of digital services is therefore becoming one of the key issues in both security and governance.The discussion will explore how individual ministries are building the capacity to prevent incidents, monitor threats, and ensure operational continuity for systems the state cannot afford to lose. What experience do they have in building security oversight, response capabilities, and BCP/DRP frameworks? The panel will also address inter-ministerial cooperation, incident response coordination, and the state’s preparedness for situations in which the failure of digital services could have an immediate impact on the functioning of the country.
Jozef Pajtina, Ministry of Labour, Social Affairs and Family of the Slovak Republic
Stanislav Schubert, Ministry of Finance of the Slovak Republic
Cybersecurity is becoming one of the key factors affecting the functioning of the state, the economy, and society. Growing geopolitical tensions, new European regulations, the rise of artificial intelligence, and increasing dependence on digital services are fundamentally changing the requirements for the resilience of organizations and of the country as a whole. The ITAPA Cybersec Round Table Summit will bring together key representatives from government, regulatory bodies, the security community, and the technology sector. The panel will address questions regarding Slovakia’s preparedness for new types of cyber threats, the strengthening of national resilience, the protection of critical infrastructure, and the impact of AI on security and trust in the digital space. The discussion will also explore how to effectively bridge the public and private sectors, address the shortage of experts, and define the priorities Slovakia should set in building a modern and secure digital state.
Ivan Makatura, Cybersecurity Association
Ladislav Šnapko, Ministry of Investment, Regional Development and Informatization of the Slovak Republic
See the list of exhibitors
