Berlin Cybersecurity Social #24

​Cyber Risk in Banking & Finance: Regulation, Reality, and Measurement (Roundtable & Lightning Talk)

​Ever wondered what is really happening in banking and finance when it comes to cybersecurity regulation, risk, and board-level accountability?

​Join the Berlin Cybersecurity Social community at the Deutsche Bank Berlin Technology Centre for an evening focused on how cyber risk is understood, measured, and communicated inside some of the most highly regulated organisations in the world.

​This month’s edition brings together senior security leaders from banking and fintech sectors for an open discussion and lightning talk on cyber risk, decision-making, and operating security programs in complex, regulated environments.

​🔹 Roundtable Discussion - 45 mins

​The evening will open with a roundtable conversation featuring:

• ​Deputy CISO from Deutsche Bank Carsten Fischer

• ​Group CISO of N26 Reinhold Wochner

• ​CSO of Upvest Sebastien Jeanquier

​The discussion will explore how security leaders assess and manage risk, align cybersecurity with business priorities, and communicate effectively with executive leadership and boards.

​🎤 Lightning Talk 1 - 30 Mins

​Cyber Risk Quantification: From Theory to Practice
Dr. Sybe Izaak Rispens  - CEO, Steath Mode Startup

​Traditional cybersecurity metrics often fail to express risk in business terms. This session explores how cyber threats can be translated into financial impact using quantitative frameworks such as FAIR. Dr. Rispens will walk through practical steps including identifying critical assets, estimating loss event frequency and magnitude, and using simulations to support decision-making.

​Drawing on real-world experience from financial institutions, including leadership roles at Klarna AB and Trade Republic Bank, the talk shows how cyber risk quantification helps security teams prioritize investments, justify budgets at board level, and integrate cybersecurity into enterprise risk management.

​

​🎤 Lightning Talk 2 - 30 mins

​​Entropy and Empathy: Applying Technical Writing Principles to Cybersecurity

​Dustin Smith - CSO, Deutsche Bank

​Despite significant investment in cybersecurity technologies, many successful cyber-attacks still originate from human behavior rather than technical failure. This talk explores why traditional, information-based security awareness programs often fail to translate into secure behavior, and why cybersecurity culture should be understood as a behavioral and organizational change, not just a compliance or training exercise. Drawing on insights from behavioral economics, psychology, and real-world breach data, it highlights how attackers exploit human decision-making habits and social dynamics, and why simply knowing the “right thing” is rarely enough.

​​The presentation introduces a transformational approach to cybersecurity culture that focuses on shaping behavior, norms, and shared responsibility across the organization, especially under pressure and during incidents. It connects cybersecurity culture to cyber resilience, a critical concern for financial institutions, and examines how these challenges are amplified in the AI era, where attacks are faster, more convincing, and more personalized. The goal is to offer a practical, strategic perspective on how financial institutions can move beyond awareness and compliance toward sustainable, human-centered security.

​As always, expect thoughtful discussion, practical insights, and meaningful connections with peers from across the Berlin cybersecurity community.