Security Days 2026: Securing tomorrow together
Utrecht, Netherlands | 7-9 April 2026
Security is the foundation of trust, the trust that enables collaboration, innovation, and open research across borders. GÉANT Security Days 2026 brought together the community that safeguards that trust: security professionals, network experts, incident responders, and CISOs from across its NREN community and their connected institutions.
Under the theme “Securing Tomorrow Together,” this year’s conference explored how collective intelligence, shared experience, and coordinated security measures are shaping the future of cybersecurity for research and education in Europe and beyond. Through hands-on training sessions, eye-opening keynotes, real-world case studies, and forward-looking discussions, the conference addressed topics such as: cloud security, community engagement, cyber resilience, the human factor, financial constraints and practical security.
GÉANT Security Days is a working forum where ideas become solutions and collaboration drives resilience. Whether you’re leading a CSIRT, building secure networks, or shaping security policy, this is where the community comes together to secure our future.
Partner
SURF is the IT cooperative of Dutch education and research. Its members own SURF and join forces to develop or procure the best digital services, innovate together, and develop and share knowledge. Secure, reliable and independent.
Opening plenary: 7 April 2026
Keynote: The bumpy road ahead - IT security challenges of the next years
Frank Rieger, Chief Technical Officer
IT security is entering a new era with the advent of agentic LLMs that can mimic the traits of successful attackers and defenders - endless patience, comprehensive knowledge and high attention focus. This new world however does not mean that the old problems go away. Maintaining control of your network, systems, endpoints and software has become even more important, as things are speeding up considerably on all aspects. This talk will explore the bigger picture, where things are potentially heading, and good practices to keep our users secure.
About Frank
Frank is a hacker, author and internet activist, and was a spokesperson for the German Chaos Computer Club until 2025. He has co-founded successful German start-ups in the fields of mobile navigation and maps, information security and e-reading. Frank is currently the Chief Technical Officer of a leading supplier of secure communication systems.
His texts on the impact of technology on society can be read in major papers such as the Frankfurter Allgemeine Zeitung or Lettre International. Together with Constanze Kurz he has published two best selling books on privacy ("Die Datenfresser", S. Fischer 2011) and the future of work in a world of machines ("Arbeitsfrei", Riemann/Random House 2013).
Keynote: Start your own Internet Resiliency Club
Valerie Aurora, Amsterdam Internet Resiliency Club
Our internet access can be cut off at any time by accidents, natural disasters, and armed conflict. Climate change and current geopolitical threats make this increasingly likely in Europe. How can we prepare our communities to cope with a temporary loss of internet connectivity, and perhaps help speed the return of internet access? This talk describes how to start your own Internet Resiliency Club using LoRa radios, mesh networking, and community management.
About Valerie
Valerie Aurora is an open source software engineer with more than 25 years of experience in operating systems. After moving from San Francisco to Amsterdam in 2023, she now works on improving European digital independence. She was a special rapporteur for the Cyber Resilience Act and served on the program committee for RIPE. She is the co-founder, with Sasha Romijn, of the Amsterdam Internet Resiliency Club.
8 April 2026
Keynote: Play More Today. Secure Tomorrow.
Nancy Beers, Sanne Cyber and Happy Game Changers
Hacking in essence is playing with technology. Playing is proven to be crucial for learning, innovating and flexibility, and thus is a fundamental tool for security experts.
One of Nancy's favourite quotes is “If you don’t want to be replaced by a computer, don’t act like one” (Arno Allan Penzias). So, are you ready to get up from your seat and join her on a journey exploring the power of playing and playfulness in a security setting?
Using the full breadth and depth of her scientifically-backed knowledge, Nancy will demonstrate ways in which play can bring measurable, impactful and positive change to the way we interact, think and create. Combining recent insights with interactive games, Nancy will delve into the dynamics of playing in a presentation for those looking to shake things up in their personal or professional lives, in teams, and organisations. It's time to take playfulness seriously!
About Nancy
Nancy Beers is a seasoned gamification expert and the owner of Sanne Cyber and Happy Game Changers. With over 25 years of experience in Information and Communication Technology (ICT), Nancy brings a wealth of knowledge and expertise to the table. As the co-chair of Stichting IFCAT and a passionate advocate for digital rights and freedoms, she is helping to shape the Dutch hacker community. Nancy is an international speaker and avid participant in global ICT events, whose engaging talks cover topics ranging from female leadership and women in tech, to cybersecurity and gamification.
Nancy was deeply involved in the organisation of WHY2025, the Dutch Hacker Camp. Her dedication to fostering collaboration, innovation, and exploration within the hacker community is evident in her role as a co-organiser of this event. Beyond her professional endeavours, Nancy is an amateur social engineer and open source hippie, and is constantly seeking new ways to leverage technology for positive change. With her unique blend of technical skills and social insight, Nancy continues to push the boundaries of what is possible in the world of hacking and beyond.
Topics
Security Operation Centres (SOCs): SOCs have started to become the heartbeat of institutional security. But how do you scale SOC capabilities across multiple institutions, limited resources, and growing alert fatigue? Delve into collaborative SOC models, threat intelligence sharing within the GÉANT community, and the future of automation and Artificial Intelligence in incident response.
Artificial Intelligence (AI): AI is transforming the security landscape for defenders and attackers. How can AI detect anomalies and predict threats? How are malicious actors leveraging generative AI to scale phishing, automate malware creation, and manipulate systems? Explore ways in which the GÉANT community can harness AI ethically and effectively, without falling for the hype.
Cloud security: Cloud adoption continues to accelerate across NRENs and institutions, but so do the risks. Focus on securing multi-cloud and hybrid environments, building trust in third-party services, and ensuring compliance in an increasingly borderless IT world.
Community engagement: What makes the GÉANT security community unique is its openness, trust, and shared mission. Explore the power of engagement from cross-NREN collaborations and open tools, to mutual support during incidents. How do we foster stronger bonds across borders and disciplines, ensure inclusivity, and bring new voices to the table?
Cyber resilience: Cyber resilience is about enduring attacks, recovering fast, and learning constantly. This topic concentrates on risk management, continuity planning, and how institutions are embedding resilience into governance, architecture, and culture. What does resilience really mean in 2026?
The human factor: Phishing. Credential reuse. Misconfigurations. The blame game is outdated. Examine creative, effective awareness strategies that go beyond training modules. How can we empower people to be part of the solution?
Unconference / storytelling session: The strangest requests can often hold hidden insights. This fun, informal participant driven session invites community members to share stories that are bizarre, challenging, or just funny - and the lessons learned from them.
Squeezed budgets, stretched teams: Security expectations are rising, but resources aren’t. Many NRENs are now expected to provide centralised CISO services, monitor dozens of institutions, and manage complex compliance needs, all with flat budgets and shrinking teams. Discover pragmatic strategies, collaborative approaches, and automation to keep moving forward.
Practical security: No buzzwords. No fluff. Just hard-won lessons and tactical advice on securing applications, writing secure code, dealing with dodgy APIs, and surviving modern deployments. Plus Kubernetes without tears. This is the hands-on track for practitioners who want actionable takeaways, code samples, and real tools.
Sponsors
Location | Utrecht - the heart of the Netherlands
Security Days 2026 comes to Utrecht, one of Europe’s most vibrant and forward-thinking cities. Located in the very heart of the Netherlands, Utrecht blends centuries of history with cutting-edge innovation.
Stroll along the city’s iconic canals, lined with busy cafés, creative workspaces, and medieval architecture. Home to Utrecht Science Park and a growing number of cybersecurity start-ups, the city is a magnet for innovation, sustainability, and digital transformation. Enjoy Utrecht’s vibrant nightlife, cosy restaurants, and the warm Dutch hospitality that makes every visit memorable.
Conference venue | Royal Jaarbeurs Utrecht
Located next to the Utrecht Central Station, Supernova is not only easily accessible but also offers a spacious and futuristic design. With five conference rooms accommodating up to 450 attendees, Supernova is the place where inspiration meets innovation.
