Programme
Day 1 – 16th October 2024
08:30 – 09:00
Registration & Coffee
09:00 – 09:05
Introduction from Event Chairs
Sarb Sembhi, CISO, Virtually Informed Application Security
9:05 – 9:45
Keynote: Latest updates in the Information Security arena.
This opening session will be a run-through of the most important changes in the past 6 months that are impacting information security operations. What do we need to be aware of, act on, or consider acting on, and what impact do these have on our ability to manage security effectively?
Sarb Sembhi, CISO, Virtually Informed
9:40 – 10:10
Panel Session: The Road to AI Governance
While more and more organisations are reaping the immediate benefits of increased efficiency and innovation thanks to AI, many do not have a defined roadmap allowing for longer-term planning of the growing AI ecosystem. In this session we will share experiences around the due diligence needed before implementing AI solutions, and planning for the accelerating use of AI.
Sarith Chandra, Director of Security, Risk and Compliance, GE HealthCare
10:10 – 10:25
Coffee Break & Networking
All delegates with meetings scheduled in their personal timetable will participate in 25-minute one-to-one meetings during this session.
10:25-11:50
Cyber Engage Huddle 1
Information Security Stream Huddle:
Reserved for SpyCloud
Application Security Stream Huddle:
Cloud WAAP
With a proliferation of web-based applications and APIs, organisations need to carefully evaluate the pros and cons of cloud WAAP. This Huddle will explore aligning a WAAP strategy with the organisation’s future application architecture. Follow the App.
Audience Led
10:55-11:20
Cyber Engage Huddle 2
Information Security Stream Huddle:
Social Engineering
With employees, suppliers and clients being targeted by cyber criminals, attackers can circumvent the security defences by merely logging in. This huddle will discuss strategies to protect the human endpoints.
Audience Led
Application Security Stream Huddle:
AST – Mobile Application Security Testing
With mobile applications becoming more and more central to an organisation’s digital transformation, adopting mobile AST is fundamental. This Huddle will explore how to adapt traditional techniques used (SAST/DAST/IAST and SCA) to identify client-side code vulnerabilities.
Audience Led
11:20-12:05
Panel: SBOM – Responding to known vulnerabilities inside the Box?
Discussing how to take a strategic approach to Vulnerability Management
With not all vulnerabilities being exploitable, organisations need to distinguish which vulnerabilities pose a significant risk, prioritise them, and decide how best to remediate them, while not wasting resources on vulnerabilities that are not exploitable.
Grant Ongers, Former OWASP Global Foundation board chair and Co-founder of Secure Delivery
Robin Fewster, Senior Security Testing Manager, Hargreaves Lansdown
12:05-12:30
Cyber Engage Huddle 3
Information Security Stream Huddle:
Modern identity attacks and the challenge of defending against them
Defenders have done a great job in recent years securing endpoints and traditional network perimeters. Because of this, we’re seeing attackers driven towards a new frontier – identity. Over the last two years, new identity attack tools and techniques have emerged at an alarming rate. We’ll discuss why identity attacks are the fastest growing paradigm in security and what you can do to defend your organisation.
Push Security
Application Security Stream Huddle:
PTaaS – Penetration testing as a service
This Huddle will help give insight into determining which mix of penetration testing programmes fits your organisation best, looking at PTaaS, red teams and bug bounties.
Audience Led
12:35-13:00
Cyber Engage Huddle 4
Information Security Stream Huddle:
IAM Strategies – A constantly moving goalpost?
While IAM is a cornerstone of cyber security, over 90% of security professionals admitted to facing ‘at least one challenge’ within IAM.
This Huddle will discuss strategies to help define how we can improve our IAM policies and practices.
Audience Led
Application Security Stream Huddle: Reserved for CrowdStrike
13:00 - 13:50
Restaurant
Networking Lunch
13:50-14:20
Information Security Stream Huddle:
Panel Discussion: Experiences building a SOC
Building a SOC, a crucial component of any cybersecurity programme, faces challenges that can hold back desired performance levels. In this session you will learn about the panellists’ experiences around the goals set, the challenges met, and reducing risk.
Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown
Azeem Bashir, Senior Partner, Cyber Execs Ltd
Application Security Stream Huddle:
Fireside Chat: Measuring the success of your DevSecOps programme.
With organisations increasingly adopting DevSecOps practices and the discipline maturing rapidly, how do you measure progress? With maturing DevSecOps programmes and the number of security test results increasing, finding the most important true positives and driving down the number of open security vulnerabilities are key.
In this presentation we will hear how XYZ approached DevSecOps KPIs and gaining transparency over the development pipeline.
14:20 - 15:10
Knowledge Pools
In this session you will engage in two curated discussions regarding cyber challenges being faced today. Details of this session will be reviewed by our speaker faculty & Chair and findings will be fed back on Day 2 to help you understand key topics and takeaways from the discussions.
KP 1: Optimising the stack
Tool sprawl is not only unnecessarily costly, but it also creates blind spots, leaving the organisation at risk.
This KP will assess best practices from participants who are optimising their security stacks.
KP2: Managing risk appetite in cyber security.
New business opportunities will bring risk. A common challenge in cyber security is looking at how we can keep the business secure whilst working towards new opportunities. This session will look at the balance between risk and opportunity.
Stu Driver, Information Security Manager, Barratt Developments plc
KP 3: Vendor and 3rd Party Management
With an abundance of security vendors in the market it is important to make informed choices, ensuring the best possible ROI and continuous assessment of the vendors used and other players in the market.
Richard Lovelock, Senior Cyber Security Manager, Currys plc
KP4: Reserved for Covert Swarm
15:10-15:25
Reception Area
Coffee Break & Networking
15:25-15:50
Cyber Engage Huddle 5
Information Security Stream Huddle:
Aligning security with business objectives.
As demand for cybersecurity and business alignment grows, the security function will need to build critical partnerships with key business stakeholders. In this session the panel will discuss gaining board level support, understanding all stakeholders and keeping the overall business objective in mind when making security decisions.
Stu Driver, Information Security Manager, Barratt Developments plc
Andrew Waples, CISO, St Andrews Health Care
Application Security Stream Huddle:
API Security Testing & Threat Protection
With traditional tools offering inconsistent support for detection of API-specific vulnerabilities, this Huddle will examine the testing and discovery capabilities provided by your application security portfolio, API discovery and ownership.
Audience Led
15:55 -16:20
Cyber Engage Huddle 6
Information Security Stream Huddle:
Regulations & Compliance in Cyber Security
Who owns the risk? With increasing activity from regulators worldwide, how can CISOs ensure they are protected from becoming the sacrificial lamb in the event of a major security incident? What should be expected of the InfoSec function, and where should the risk be shared with other C-level individuals?
Audience Led
Application Security Stream Huddle:
DevOps Security Training
Many organisations still struggle to provide adequate, effective and appropriate training. This session will explore approaches to laying the foundations for a strong security training programme.
Audience Led
16:25 -16:50
Cyber Engage Huddle 7
Information Security Stream Huddle:
Reducing the impact of ransomware on your business
In this huddle, we’ll discuss ransomware attacks and explore the best strategies for prevention, detection, and swift recovery in the event of an attack.
If ransomware isn’t at the top of your list of business risks – it should be. You’ll know what the cost of operational downtime is in your organisation; it will typically exceed the cost of any ransom demand, which is why you need specific tactics to protect against and recover from ransomware when it hits.
Halcyon
Application Security Stream Huddle:
Cloud Application challenges
With the unprecedented architectural complexity of multi-cloud environments and ever-changing compliance requirements, there is a need for a strategy that reduces complexity, increases visibility and delivers cloud-driven security.
Audience Led
16:50 – 17:20
Information Security Stream:
Panel Discussion: Optimising Threat Intelligence
This panel will discuss approaches to identifying the range of sources needed to comprehensively identify and mitigate threats, the range of data elements, the use of AI, and ways to successfully operationalise processes that efficiently yield relevant security inputs.
Application Security Stream:
Panel Discussion: Successful DevSecOps begins with a cultural shift.
Cultural transformation sits at the beginning of a successful DevSecOps approach, fostering a cohesive collaboration between Development, Security and Operations functions. The panel will discuss responsibilities, accountabilities and experiences fostering an aligned culture.
Peter Olivier, Head of Security Delivery, Admiral Insurance
17:20 – 17:45
Panel Discussion: Liability fears impacting the CISO Role – Navigating accountability and liability.
This panel will discuss ways for IT Security Leaders to prepare for their changing role, emotionally, financially and legally on an individual and broader team/board level.
Peter Olivier, Cyber Security Business Partner (Business Information Security Officer), Admiral Insurance
Azeem Bashir, Senior Partner, Cyber Execs Ltd
Paul Simms, Global Director Cyber Resilience, Lumanity
17:45 - 18:00
Reception Area
Key Takeaways & End of Day 1
Summary of the key themes and takeaways from the first day & Check-in
18:30 - 19:00
Reception Area
Networking Drinks
19:00 - 21:30
Reception Area
3 Course Networking Dinner
Day 2 – 17th October 2024
8:30-8:55
Reception Area
Registration & Coffee
8:55-9:00
Reception Area
Introduction & Day 1 recap from Event Chairs
9:00-9:25
Panel: Breaking down barriers with business leadership. Imparting the value of security.
With IT security leaders becoming personally accountable for transparency, even fraud, on behalf of their organisation, it is imperative that leadership teams grasp the gravity of security risks. This panel will discuss experiences in ensuring meaningful adoption and integration of security best practices, and sufficient upfront investment and funding.
Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown
Peter Olivier, Cyber Security Business Partner (Business Information Security Officer), Admiral Insurance
Paul Simms, Global Director Cyber Resilience, Lumanity
Johann van Duyn, Chief Information Security Officer of Doom, Do & Co
Mike Backinsell, Global Deputy CISO, ManpowerGroup
9:25 - 09:50
Panel Discussion: Third Party Cyber Security Challenges
As the attack surface has expanded dramatically in the last few years, so have the number and severity of security breaches originating from third parties, with nearly three-quarters of organisations experiencing a cyberattack originating through their software supply chain.
In this Panel we will be discussing overcoming a lack of resources combined with an exponentially growing third-party population, as well as navigating regulatory requirements.
Peter Olivier, Head of Security Delivery, Admiral Insurance
Robin Fewster, Senior Security Testing Manager, Hargreaves Lansdown
Richard Lovelock, Senior Cyber Security Manager, Currys plc
09:50 - 10:05
Main Hall
Coffee Break & Networking
All delegates with meetings scheduled in their personal timetable will participate in 25-minute one-to-one meetings during this session.
10:05 - 10:30
Cyber Engage Huddle 8
Information Security Stream Huddle: Recovering from a cyber attack
• Who do you inform first?
• Should your DR plan include communication processes?
• What methods can be used to minimise reputational damage?
Audience Led
Application Security Stream Huddle:
Making Security Champion Programmes Work
Dev, Ops and Sec teams are often still siloed, and cybersecurity staff with coding experience are in short supply. Embedding security awareness and expertise earlier in the SDLC by identifying coder Security Champions is one approach that works.
This keynote/panel will discuss starting and maintaining a successful Security Champion Programme.
Chair: Peter Olivier, Head of Security Delivery, Admiral Insurance
Audience Led
10:35 - 11:00
Cyber Engage Huddle 9
Information Security Stream Huddle:
Engage Huddle 9: Establishing a robust Security Culture
With cyber security culture programmes often failing to reach the hearts and minds of the organisation, we will discuss how to influence how employees feel about security, which behaviours are desirable, and what metrics to use to make security a deeply rooted part of the organisation’s psyche.
Audience Led
Application Security Stream Huddle:
Threat Modelling Automation
Organisations focussing on AppSec testing while establishing an AppSec programme often fail to identify design flaws early in the SDLC. This Huddle will focus on how automation can help reduce manual intervention and help shift security left to architectural and development staff.
Audience Led
11:00 - 11:25
Main Hall
What’s changed session reserved for Chair:
In this session Sarb will discuss in depth those topics prioritised on day one by the audience.
Sarb Sembhi, CISO, Virtually Informed
11:25 - 11:50
Main Hall
Insight Session –
Key findings and insights from the Knowledge Pool sessions yesterday will be relayed to help define the action points and discoveries for the whole audience to digest, and to help plan for implementation.
Run by table hosts
11:50 - 12:15
Cyber Engage Huddle 10
Information Security Stream Huddle: Reserved for Solution Partner
Application Security Stream Huddle:
Engage Huddle 10: Panel Discussion: Securing Multi-Cloud Infrastructure.
With misconfigurations and human error causing most data security breaches on the organisation’s cloud services, this panel will look at ways to gain a better understanding of, and a stronger posture in, the cloud environment.
Audience Led
12:20 - 12:45
Cyber Engage Huddle 11
Information Security Stream Huddle:
Engage Huddle 11: Keeping up with the complex and evolving threat landscape.
Implementing threat detection and response is a major challenge in the increasingly complex and evolving threat landscape. Keeping up in this environment requires continuous evolution and improved threat detection content, all of which puts more pressure on the enterprise’s resources. This panel will discuss strategies to keep up with the rapidly evolving threat landscape.
Audience Led
Application Security Stream Huddle: ASPM – Application Security Posture Management
This Huddle will look at identifying the key stakeholders who will use an ASPM solution, to ensure support and success.
Audience Led
12:45 - 13:45
Restaurant
Networking Lunch
13:45-14:15
Open floor session: Cyber security – A mental health minefield
The weight of stress and anxiety on cyber security professionals is mounting. Increased IT complexity, unrealistic expectations from the board, skill shortages and a growing volume of security threats are creating an overly strained working environment, all putting the mental and physical wellbeing of security professionals at risk.
This session will give an update on the work of the Mental Health in Cyber Security Foundation and its Community of Practice and on the wider work in this area, and discuss what professionals need and want, and strategies to help avoid issues within their team.
Sarb Sembhi, Chair, Mental Health in Cyber Security Foundation
Bec McKeown, Founder and Principal Psychologist, Mind Science Ltd
Peter Olivier, Head of Security Delivery, Admiral Insurance
Paul Simms, Director of Cyber Security & Compliance, Lumanity
Mike Backinsell, Global Deputy CISO, ManpowerGroup
14:15 – 14:45
Panel: Solving the cybersecurity talent gap. Reskilling and Upskilling Strategies.
With the talent shortage growing in the information security industry, CISOs and their teams come under enormous pressure addressing the ever-increasing threats.
This panel will explore how reskilling programmes can help bridge the gap, meet skill requirements, and foster loyalty and retention.
Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown
14:45 – 15:15
Key Takeaways:
Summary of the key themes and takeaways from the second day and a chance to join working groups to create papers and toolkits to help disseminate key learnings through the wider Cyber Security community.