ICCC25 Conference Agenda
Tuesday 21 October
08:00 - 09:00 Registration
Diamond Hall
09:00 - 10:15 Plenary Keynote Session
Diamond Hall
| Moderator: Wouter Slegers, ICCC Chair, and CEO, TrustCB, Netherlands |
09:00 Introduction & Welcome (P10a) Wouter Slegers, ICCC Chair and CEO, TrustCB, Netherlands
09:10 Government Keynote (P10b) TBA
09:40 Common Criteria Development Board (CCDB) Update (P10c) Julie Chuzel, Policy Officer on European Cybersecurity Certification, Agence nationale de la sécurité des systèmes d’information (ANSSI), France
09:55 Common Criteria Management Committee (CCMC) Update (P10d) Naruki Kai, Information-technology Promotion Agency (IPA), Japan
10:10 Common Criteria Recognition Arrangement (CCRA) New Member Signing Ceremony (P10e) Naruki Kai, Information-technology Promotion Agency (IPA), Japan
10:15-10:55 Networking Break in Exhibits
Diamond Hall
10:55 - 12:40 Plenary Keynote Session
Diamond Hall
| Moderator: Wouter Slegers, ICCC Chair, and CEO, TrustCB, Netherlands |
10:55 Industry Keynote (P11a) Justin Choi, Vice President and Head of the Security Team, Samsung Electronics, South Korea
11:25 Common Criteria User Forum (CCUF) Update (P11b) Petra Manche, Common Criteria Manager, Cisco, United Kingdom
11:40 Panel Discussion on Navigating the EUCC: Opportunities, Challenges, and the Road Ahead (P11c) Leader: Wouter Slegers, ICCC Chair and CEO, TrustCB, Netherlands [60MIN]
12:40 - 13:40 Lunch in Exhibit Area
Diamond Hall
13:40 - 15:10 Track Sessions
Sapphire Room
| Advances in the Use of Common Criteria (A12) Select Topics |
| Moderator: TBA |
13:40 The Journey: Adapting CC Projects In A Changing Compliance Landscape – From Legacy CCv3.1R5 To CC:2022 And EUCC (A12a) Katia Rojas, Compliance Program Manager, SUSE Software Solutions Germany GmbH, Germany
14:10 First Experiences On CCDB-018 (A12b) Jussipekka Leiwo, Security Strategy Consultant, DNV Cyber, Finland
14:40 Developing The Security Proof And The Evaluation Method For Protection Profile To Prepare And Measure Quantum Key Distribution Modules (A12c) Kenji Yamaya, Director of Evaluation Center, ECSEC Laboratory Inc, Japan
Emerald Room
| Cybersecurity Certification Schemes Landscape (L12) Market Landscape |
| Moderator: TBA |
13:40 2025 CC Statistics Report “Global CC Statistics At The Start Of The EUCC Era” (L12a) José Manuel Pulido, Consulting Leader, jtsec, Spain
14:10 Beyond the Speed of Change: Evolving Security Evaluation for Rapid Technology Development (L12b) Dan O’Laughlin, Vice President Engineering, Qualcomm Inc., United States
14:40 Advancing Cross-Border Cybersecurity Certification And Compliance In Europe: A Coordinated Operational Framework (L12c) Khalimatou Samirah, Cybersecurity Certification Officer, National Standards Authority of Ireland, Ireland
Ruby Room
| Updates from Schemes and iTCs (U12) Reports, Schemes |
| Moderator: TBA |
13:40 One Year On—Impacts Of ‘Non-Security’ Regulation And Laws On National Security And Products (U12a) Adam Golodner, Managing Partner, AMG Global Cyber Law, PLLC, United States
14:10 One Year Of EUCC: Addressing Implementation Challenges Through Collaboration (U12b) Diamandis Zafeiriades, Head of DSA, Digital Security Authority, Cyprus
14:40 Certificate Monitoring As A Service In The Cybersecurity Certification Sector (U12c) Gaetano Cavarretta, Senior Officer, National Cybersecurity Agency – Agenzia per la
Cybersicurezza Nazionale (ACN), Italy
15:10 - 15:40 Networking Break in Exhibits
Diamond Hall
15:40-17:10 Track Sessions
| Advances in the Use of Common Criteria (A13) High Assurance Applications |
| Moderator: TBA |
15:40 pKVM SESIP 5 Evaluation Abstract (A13a) Brian Wood, Program Manager, Google, United States
16:10 Review Of Hongmeng Kernel Certifications And Future Ideas (A13b) Zhe Liu, Chief Expert for OS Kernel Certification Management and Technology Planning, Member of openEuler Security Committee, Huawei Technologies, Co., Ltd., China
16:40 How To Execute Successful Evaluation Projects At The Highest Levels Of Assurance? (A13c) Ellen Wesselingh, Senior Security Architect, Fox Crypto B.V., Netherlands
| Cybersecurity Certification Schemes Landscape (L13) Automotive |
| Moderator: TBA |
15:40 CC/SESIP As A Vehicle For Compliance Across Industries (L13a) Sergio Casanova, General Manager, Brightsight, Spain
16:10 Bringing Common Criteria Into Vehicle Components (L13b) Namseok Kim, Cybersecurity Specialist, LG Electronics, South Korea
16:40 Securing The Future Of IoT Devices In Australia (L13c) Sebastian Scandura, Chief Risk Officer, Securus Consulting Group, Australia
| Updates from Schemes and iTCs (U13) Schemes |
| Moderator: TBA |
15:40 Korean Scheme Updates (U13a) Eunkyoung Yi, Manager/Principal Researcher, National Security Research Institute, IT Security Certification Center, South Korea
16:10 Scheme Update Of The Italian Certification Body Towards EUCC (U13b) Tiziano Inzerilli, Senior Advisor, ACN – Agenzia per la Cybersicurezza Nazionale, Italy
16:40 US Scheme Update (U13c) Angela Soum, NIAP, United States
17:10 - 18:30 Welcome Reception in Exhibits
Diamond Hall
Open to everyone. Located in the Exhibit Area. Catch up with your colleagues for a refreshing beverage at the end of the day’s events.
CC Certificate Presentation Ceremony (P14a)
A free event for conference registrants. During ICCC, CC-certified product developers and certifiers will have the opportunity to receive a commemorative certificate from participating national schemes and receive of photograph of the presentation. Those who wish to participate must respond by 9 September, 2025. More info.
Wednesday 22 October
08:00 - 09:00 Coffee in The Exhibits
Diamond Hall
09:00 - 10:30 Track Sessions
Sapphire Room
| Advances in the Use of Common Criteria (A20) Vulnerability Management |
| Moderator: TBA |
09:00 An (Updated) Journey Through Attack Potential, CVSS Score And EPSS Score (A20a) Mirko Malacario, Senior Officer, National Cybersecurity Agency – Agenzia per la Cybersicurezza Nazionale (ACN), Italy
09:30 Panel Discussion: Vulnerability Management In Certified Products: Beyond Certification Maintenance (A20b) Sergio Casanova, COO/CTO/Director/Senior Security Evaluator, Brightsight, Spain [60MIN]
Emerald Room
| Cybersecurity Certification Schemes Landscape (L20) CRA |
| Moderator: TBA |
09:00 Navigating Module H Conformity Assessment For CRA Compliance—Perspectives From Notified Bodies And Manufacturers (L20a) Jose Emilio Rico, Cybersecurity Strategy & Global Certification Director, DEKRA Testing and Certification S.A.U., Spain
09:30 Fast-Tracking CRA And RED Compliance With EUCC: A Regulatory Alignment Blueprint For ICT And IoT Security (L20b) Cansu Yener, Senior Certification Specialist, Secura BV, Netherlands
10:00 Combined Evaluations For EUCC And NIAP Protection Profiles—A Dual Approach For Global Assurance (L20c) Wei Yuan, Director of Operations, Cybersecurity BU, Applus+ Laboratories, Spain
Ruby Room
| Updates from Schemes and iTCs (U20) Schemes |
| Moderator: TBA |
09:00 French Scheme Update (U20a) Géraldine Avoué, Security Expert, ANSSI, France
09:30 Update Of The German CC Certification Scheme (U20b) Sandro Amendola, Director General, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
10:00 Spanish Scheme Update (U20c) Luis F., Representative, CCN, Spain
10:30 - 11:00 Networking Break in Exhibits
Diamond Hall
11:00 - 12:30 Track Sessions
| Advances in the Use of Common Criteria (A21) New Domains |
| Moderator: TBA |
11:00 Navigating PP-Configuration Complexity: Toward Reliable And Scalable Security Target Development (A21a) Maurizio Brini, Cybersecurity Consultant, atsec information security, Italy
11:30 Implementing Common Criteria Certifications For The 3D Additive Manufacturing Process (A21b) Alan Sukert, Chair IDS Working Group, ISTO Printer Working Group, PWG, United States
12:00 Secure Erase—The Final Frontier? (A21c) David Low, Principal Security Engineer, Teron Labs, Australia
| Cybersecurity Certification Schemes Landscape (L21) EUCC |
| Moderator: TBA |
11:00 EUCC – CRA Mapping (L21a) Philippe Blot, Head of Sector Certification, ENISA, Greece
11:30 Panel Discussion: On The Achievements And Challenges For EUCC- And CCRA-Certifications (L21b) Sandro Amendola, Director General, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany [60MIN]
| Updates from Schemes and iTCs (U21) Schemes |
| Moderator: TBA |
11:00 Japan Scheme Update (U21a) Toru Hashimoto, Assistant Manager, IPA, Japan
11:30 Canada Scheme Udpate (U21b) Cory Clark, Supervisor Canadian Common Criteria Program, Canadian Centre for Cyber Security, Canada
12:00 The Dutch Approach To Quality Assurance (U21c) Glenn Wever, Security Specialist EU Cybersecurity
Certification, Dutch Authority for Digital Infrastructure, Netherlands, Netherlands
12:30 - 13:30 Lunch in Exhibit Area
Diamond Hall
13:30 - 15:00 Track Sessions
| Advances in the Use of Common Criteria (A22) Development |
| Moderator: TBA |
13:30 How To Model Secure Remote Development Work (A22a) Michael Meissner, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
14:00 Maintaining Assurance In Fast-Paced Software Development: Automation, Delta Evaluation, And Applicability To Common Criteria (A22b) Jiwon Han, Common Criteria Evaluator, KOSYAS, South Korea
14:30 Developer Pain Points: The Escalating Cost Of Common Criteria Compliance In A Fragmented Certification Landscape (A22c) Nurul Asha Binti Jeffridin, Analyst, Cybersecurity Malaysia, Malaysia
| CC in New Domains (D22) Cloud |
| Moderator: TBA |
13:30 Cloud-Ready Protection Profiles: Evolving The Database cPP (D22a) Brandon Harvey, Principal Security Analyst, Oracle, United States
14:00 Evaluation Of Cloud Hosting—A Proposal To Update The NIAP GPOS And Virtualization Protection Profiles (D22b) Tyrone Stodart, Senior Principal Security Analyst, Oracle Corporation UK Ltd, United Kingdom
14:30 Common Criteria Evaluation For Cloud Services—Lightship Security’s Experience And The NIAP Shift (D22c) Lachlan Turner, Director Cyber Labs, Lightship Security | Applus+ Laboratories, Canada
| Updates from Schemes and iTCs (U22) iTCs |
| Moderator: TBA |
13:30 Biometrics Security iTC Update (U22a) Brian Wood, Program Manager, Google, United States
14:00 Network Device iTC (U22b) Kristy Knowles, Security Research Engineer, Cisco, United States
14:30 Hardcopy Devices iTC Update (U22c) Kwangwoo Lee, Security Architect, HP, South Korea
15:00 - 15:30 Networking Break in Exhibits
Diamond Hall
Exhibits Close at 15:30
15:30 - 17:00 Track Sessions
| Advances in the Use of Common Criteria (A23) Assurance Approaches |
| Moderator: TBA |
15:30 CUSTODES: A System For Agile Conformity Assessment Of Security Of Composite Products And Services (A23a) Antonio David Vizcaino Gomez, Cybersecurity Technical Sales, DEKRA, Spain
16:00 Trusting The Layering Process (A23b) Shawn Geddis, Chief Technology Officer, Katalyst LLC, United States
16:30 Evolving Common Criteria Toward Continuous Assurance And Partial Compliance (A23c) Roland Atoui, Director, Red Alert Labs, France
| CC in New Domains (D23) Select Topics |
| Moderator: TBA |
15:30 Secure Cloud Integration: How CC Assurance Anchors Operational Trust (D23a) Jens Oberender, IT-Security Consultant, SRC Security Research & Consulting GmbH, Germany
16:00 The intersection Of EUCC With European Cybersecurity Regulations (D23b) Dean Zwarts, Senior Business Manager Cybersecurity, UL Solutions, Netherlands
16:30 Building Trust In OT: Leveraging Common Criteria For Effective Cyber Defense (D23c) Ramy Abbas, Cyber Security Business Consultant, Honeywell, Qatar
| Updates from Schemes and iTCs (U23) iTCs |
| Moderator: TBA |
15:30 Common Criteria (CC)—Maintenance And Development—What’s New In 2025 Version (U23a) Susanne Pingel, , Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
16:00 CCDB Crypto Working Group Report (U23b) Jonas Fiege, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
16:30 Defense In Depth Using Certified Products (U23c) Chris Gugel, Lab Director, Booz Allen Hamilton, United States
17:30-19:00 Dine-Out Songdo
Enjoy an informal group dinner with your ICCC colleagues at one of Songdo’s leading restaurants. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. This is an optional add-on to the conference registration. On site, you’ll meet your group at the ICCC registration desk and depart from there.
Thursday 23 October
08:00 - 09:00 Coffee
Diamond Hall
09:00 - 10:30 Track Sessions
Sapphire Room
| Advances in the Use of Common Criteria (A30) Vulnerability Assessment |
| Moderator: TBA |
09:00 Thinking Backwards. A Proposal From CB Perspective For AVA Continuous Improvement (A30a) Lorenzo Zamburru, Senior Certifier, ACN – Agenzia per la Cybersicurezza Nazionale, Italy
09:30 Enhancing Vulnerability Assessment In Common Criteria Through Threat Centric Models (A30b) Mehri Yahyaei, Executive Director and Senior Manager of Laboratory, Briska Info Tech Canada Inc, Canada
10:00 Improving CC Evaluation Efficiency Through MAL (A30c) Yejun Kim, PhD research fellow, Korea University, South Korea
Emerald Room
| Meeting Customer Requirements (M30) CC Re-Use |
| Moderator: TBA |
09:00 Architecture-Aware Packages For High-Assurance Physical Security (M30a) Sebastien Colle, Head of Security, Infineon Technologies AG, Germany
09:30 Adressing The Real World: Challenges In Defining A WSCA Protection Profile For An Existing Ecosystem (M30b) Marc Le Guin, Head of Evaluation Body for IT Security, TÜV Informationstechnik GmbH, Germany
10:00 Leveraging Common Criteria To Align With IEC 62443 (M30c) Ibrahim Kirmizi, Senior Security Consultant, Secura B.V., Netherlands
Ruby Room
| Updates from Schemes and iTCs (U30) iTCs |
| Moderator: TBA |
09:00 Dedicated Security Components iTC Update (U30a) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States
09:30 Panel Discussion: iTC’s Lessons From The Past, Working In The Present, And Hopes For The Future (U30b) Maureen Barry, Senior Principal Security Analyst, Oracle, Canada [60MIN]
10:30 - 10:45 Networking Break
Diamond Hall
10:45 - 12:15 Track Sessions
| Advances in the Use of Common Criteria (A31) Select Topics |
| Moderator: TBA |
10:45 Where Is The Best Place To Write New Security Requirement? (A31a) Brian Wood, Program Manager, Google, United States
11:15 How To Manage Certificates In The EUCC Framework – A Possible Approach For Assurance Continuity After The Issuance Of The Certificate (A31b) Massimiliano Orazi, Senior Officer, ACN – Agenzia per la Cybersicurezza Nazionale, Italy
11:45 Conformance Without The Complexity: A Roadmap For Regulatory Readiness (A31c) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics and GlobalPlatform, Belgium
| Meeting Customer Requirements (M31) Cryptography |
| Moderator: TBA |
10:45 PQC: How To Make Sure That ITSEF And CB Are Ready? (M31a) Franck Sadmi, Head of the French Certification Body, ANSSI, France
11:15 CSP-Based Evaluation Of Applications In The Context Of Secure Elements (M31b) Annegret Schöffel, Chiptechnologies and eID Technologies for Mobile Platforms, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
11:45 Challenges And Strategies For Crypto Library Certification (M31c) Lucile Gallant Boisard, Cybersecurity Consultant, Internet of Trust, France
| CC in New Domains (D31) AI |
| Moderator: TBA |
10:45 When AI Meets IA: Rethinking Assurance In The Age Of Intelligence (D31a) Yi Mao, CEO of atsec US, atsec information security corporation, United States
11:15 AI-Driven Compliance: Redefining Global IoT Certification For The Age Of Regulatory Complexity (D31b) Roland Atoui, Managing Director, Red Alert Labs, France
11:45 Platform For Evaluation, Audit And Testing For Artificial Intelligence (PET-Ai): Malaysia Government Journey On AI Adoptions (D31c) Ahmad Dahari Jarno, Head of Department CC Test Lab, Cybersecurity Malaysia, Malaysia
12:15 - 12:30 Networking Break
Diamond Hall
12:30 - 13:35 Closing Plenary Session
Sapphire Room
12:30 Panel Discussion on Challenges to Common Criteria Mutual Recognition: A Global Dialogue
(P32a) Panelists TBA [60MIN]
13:30 Destination Revealed: Announcing ICCC 2026 (P32b)