Programme

Day 1 – 16th October 2024 

08:30 – 09:00

Registration & Coffee 

09:00 – 09:05

Introduction from Event Chairs

Sarb Sembhi, CISO, Virtually Informed  Application Security 

9:05 – 9:45

Keynote: Latest updates in the Information Security arena.

This opening session will be a run-through of the most important changes in the past 6 months that are impacting information security operations. What do we need to be aware of, act on or consider acting on, and what impact do these have on our ability to manage security effectively?

Sarb Sembhi, CISO, Virtually Informed

9:40 – 10:10

Panel Session: The Road to AI Governance

While more and more organisations are reaping the immediate benefits of increased efficiency and innovation thanks to AI, many do not have a defined roadmap allowing for longer-term planning of the growing AI ecosystem. In this session we will share experiences around the due diligence needed before implementing AI solutions and planning for the accelerating use of AI.

Sarith Chandra, Director of Security, Risk and Compliance, GE HealthCare

10:10 – 10:25

Coffee Break & Networking

All delegates with meetings scheduled in their personal timetable will participate in 25-minute one-to-one meetings during this session.

10:25-11:50

Cyber Engage Huddle 1

Information Security Stream Huddle:

Reserved for SpyCloud

 

Application Security Stream Huddle:

Cloud WAAP

With a proliferation of web-based applications and APIs, organisations need to carefully evaluate the pros and cons of cloud WAAP. This Huddle will explore aligning a WAAP strategy with the organisation’s future application architecture. Follow the App.

Audience Led

10:55-11:20

Cyber Engage Huddle 2

Information Security Stream Huddle:

Social Engineering

With employees, suppliers and clients being targeted, cyber criminals can circumvent security defences by merely logging in. This huddle will discuss strategies to protect the human endpoints.

Audience Led

Application Security Stream Huddle: 

AST – Mobile Application Security Testing

With mobile applications becoming more and more central to an organisation’s digital transformation, adopting mobile AST is fundamental. This Huddle will explore how to adapt traditional techniques used (SAST/DAST/IAST and SCA) to identify client-side code vulnerabilities.

Audience Led

11:20-12:05

Panel: SBOM – Responding to known vulnerabilities inside the Box?

Discussing how to take a strategic approach to Vulnerability Management

Since not all vulnerabilities are exploitable, organisations need to distinguish which vulnerabilities pose a significant risk, prioritise them, and decide how best to remediate them, without wasting resources on vulnerabilities that are not exploitable.

Grant Ongers, Former OWASP Global Foundation board chair and Co-founder of Secure Delivery

Robin Fewster, Senior Security Testing Manager, Hargreaves Lansdown

12:05-12:30

Cyber Engage Huddle 3

Information Security Stream Huddle:

Modern identity attacks and the challenge of defending against them

Defenders have done a great job in recent years securing endpoints and traditional network perimeters. Because of this, we’re seeing attackers driven towards a new frontier – identity. Over the last two years, new identity attack tools and techniques have emerged at an alarming rate. We’ll discuss why identity attacks are the fastest growing paradigm in security and what you can do to defend your organisation.

Push Security 

Application Security Stream Huddle:

PTaaS – Penetration testing as a service


This Huddle will give insight into determining which mix of penetration testing programmes fits your organisation best, looking at PTaaS, red teams and bug bounty.

Audience-led

12:35-13:00

Cyber Engage Huddle 4

Information Security Stream Huddle:

IAM Strategies – A constantly moving goalpost?

While IAM is a cornerstone of cyber security, over 90% of security professionals admitted to facing ‘at least one challenge’ within IAM.

This Huddle will discuss strategies to help define how we can improve our IAM policies and practices.

Audience Led

Application Security Stream Huddle: Reserved for CrowdStrike

13:00 - 13:50

Restaurant

Networking Lunch 

13:50-14:20

Information Security Stream Huddle:

Panel Discussion: Experiences building a SOC

Building a SOC, a crucial component of any cybersecurity programme, brings challenges that can harm desired performance levels. In this session you will learn about the panel's experiences around the goals set, the challenges met and reducing risk.

Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown

Azeem Bashir, Senior Partner, Cyber Execs Ltd

Application Security Stream Huddle:

Fireside Chat: Measuring the success of your DevSecOps programme. 

 With organisations increasingly adopting DevSecOps practices and the discipline maturing rapidly, how do you measure progress? With maturing DevSecOps programmes and the number of security test results increasing, finding the most important true positives and driving down the number of open security vulnerabilities are key.

In this presentation we will hear how XYZ approached DevSecOps KPIs and gaining transparency over the development pipeline. 

14:20 - 15:10

Knowledge Pools

In this session you will engage in two curated discussions regarding cyber challenges being faced today. Details of this session will be reviewed by our speaker faculty & Chair and findings will be fed back on Day 2 to help you understand key topics and takeaways from the discussions.

KP 1: Optimising the stack

Tool sprawl is not only unnecessarily costly, it also creates blind spots that leave the organisation at risk.

This KP will assess best practices from participants who are optimising their security stacks.

KP 2: Managing risk appetite in cyber security.

New business opportunities will bring risk. A common challenge in cyber security is looking at how we can keep the business secure whilst working towards new opportunities. This session will look at the balance between risk and opportunity.

Stu Driver, Information Security Manager, Barratt Developments plc

KP 3: Vendor and 3rd Party Management

With an abundance of security vendors in the market it is important to make informed choices, ensuring the best possible ROI and continuous assessment of the vendors used and other players in the market.

Richard Lovelock, Senior Cyber Security Manager, Currys plc

KP 4: Reserved for Covert Swarm

 

15:10-15:25

Reception Area

Coffee Break & Networking

15:25-15:50

Cyber Engage Huddle 5

Information Security Stream Huddle:

Aligning security with business objectives.

As demand for cybersecurity and business alignment grows, the security function will need to build critical partnerships with key business stakeholders. In this session the panel will discuss gaining board level support, understanding all stakeholders and keeping the overall business objective in mind when making security decisions.

Stu Driver, Information Security Manager, Barratt Developments plc

Andrew Waples, CISO, St Andrews Health Care

Application Security Stream Huddle:

API Security Testing & Threat Protection

With traditional tools offering inconsistent support for detection of API-specific vulnerabilities, this Huddle will examine the testing and discovery capabilities provided by your application security portfolio, along with API discovery and ownership.

Audience Led

15:55 -16:20

Cyber Engage Huddle 6

Information Security Stream Huddle:

Regulations & Compliance in Cyber Security

Who owns the risk? With increasing activity from regulators worldwide, how can CISOs ensure they are protected from becoming the sacrificial lamb in the event of a major security incident? What should be expected of the InfoSec function and where should the risk be shared with other C-level individuals?

Audience Led

Application Security Stream Huddle:

 DevOps Security Training

Many organisations still struggle to provide adequate, effective and appropriate training. This session will explore approaches to laying the foundations for a strong security training programme.

Audience Led

16:25 -16:50

Cyber Engage Huddle 7

Information Security Stream Huddle:

Reducing the impact of ransomware on your business

In this huddle, we’ll discuss ransomware attacks and explore the best strategies for prevention, detection, and swift recovery in the event of an attack.

If ransomware isn’t at the top of your list of business risks – it should be. You’ll know what the cost of operational downtime is in your organisation; it will typically exceed the cost of any ransom demand, which is why you need specific tactics to protect against and recover from ransomware when it hits.

Halcyon

Application Security Stream Huddle:

Cloud Application challenges

With the unprecedented architectural complexity of multi-cloud environments and ever-changing compliance requirements, there is a need for a strategy to reduce complexity, increase visibility and deliver cloud-driven security.

 Audience Led

16:50 – 17:20

Information Security Stream:

Panel Discussion: Optimising Threat Intelligence

This panel will discuss approaches to identifying the range of sources needed to comprehensively identify and mitigate threats, the range of data elements, the use of AI, and ways to operationalise processes so that they efficiently yield relevant security inputs.

Application Security Stream:

Panel Discussion: Successful DevSecOps begins with a cultural shift.

Cultural transformation sits at the beginning of a successful DevSecOps approach, fostering a cohesive collaboration between Development, Security and Operations functions. The panel will discuss responsibilities, accountabilities and experiences fostering an aligned culture.

Peter Olivier, Head of Security Delivery, Admiral Insurance

17:20 – 17:45

Panel Discussion: Liability fears impacting the CISO Role – Navigating accountability and liability.

This panel will discuss ways for IT Security Leaders to prepare for their changing role, emotionally, financially and legally, at an individual and broader team/board level.

Peter Olivier, Cyber Security Business Partner (Business Information Security Officer), Admiral Insurance

Azeem Bashir, Senior Partner, Cyber Execs Ltd

Paul Simms, Global Director Cyber Resilience, Lumanity

17:45 - 18:00

Reception Area

Key Takeaways & End of Day 1

Summary of the key themes and takeaways from the first day & Check-in

18:30 - 19:00

Reception Area

Networking Drinks

19:00 - 21:30

Reception Area

3 Course Networking Dinner

Day 2 – 17th October 2024 

8:30-8:55

Reception Area

Registration & Coffee 

8:55-9:00

Reception Area

Introduction & Day 1 recap from Event Chairs 

9:00-9:25

Panel: Breaking down barriers with business leadership. Imparting the value of security. 

With IT security leaders becoming personally accountable for transparency, even fraud, on behalf of their organisation, it is imperative that leadership teams grasp the gravity of security risks. This panel will discuss experiences in ensuring meaningful adoption and integration of security best practices, and sufficient upfront investment and funding.

Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown

Peter Olivier, Cyber Security Business Partner (Business Information Security Officer), Admiral Insurance

Paul Simms, Global Director Cyber Resilience, Lumanity

Johann van Duyn, Chief Information Security Officer of Doom, Do & Co

Mike Backinsell, Global Deputy CISO, ManpowerGroup

9:25 - 09:50

Panel Discussion: Third Party Cyber Security Challenges

As the attack surface has expanded dramatically in the last few years, so have the number and severity of security breaches originating from third parties, with nearly three-quarters of organisations experiencing a cyberattack originating through their software supply chain.

In this panel we will discuss overcoming a lack of resources combined with an exponentially growing third-party population, as well as navigating regulatory requirements.

Peter Olivier, Head of Security Delivery, Admiral Insurance

Robin Fewster, Senior Security Testing Manager, Hargreaves Lansdown

Richard Lovelock, Senior Cyber Security Manager, Currys plc

09:50 - 10:05

Main Hall

Coffee Break & Networking

All delegates with meetings scheduled in their personal timetable will participate in 25-minute one-to-one meetings during this session.

10:05 - 10:30

Cyber Engage Huddle 8

Information Security Stream Huddle: Recovering from a cyber attack

• Who do you inform first?
• Should your DR plan include communication processes?
• What methods can be used to minimise reputational damage?

Audience Led

Application Security Stream Huddle:

Making Security Champion Programmes Work

Dev, Ops and Sec teams are often still siloed, and cybersecurity staff with coding experience are in short supply. Embedding security awareness and expertise earlier in the SDLC through identifying coder Security Champions is one approach that works.
This keynote/panel will discuss starting and maintaining a successful Security Champion Programme.

Chair: Peter Olivier, Head of Security Delivery, Admiral Insurance

Audience Led

10:35 - 11:00

Cyber Engage Huddle 9

Engage Huddle 9: Establishing a robust Security Culture

With cyber security culture programmes often failing to reach the hearts and minds of the organisation, we will discuss influencing how employees feel about security, desirable behaviours, and what metrics to use to make security a deeply rooted part of the organisation’s psyche.

Audience Led

 

Application Security Stream Huddle:

Threat Modelling Automation

Organisations focussing on AppSec testing while establishing an AppSec programme fail to identify design flaws early in the SDLC. This Huddle will focus on how automation can help reduce manual intervention and help shift security left to architectural and development staff.

Audience Led

11:00 - 11:25

Main Hall

What’s changed session reserved for Chair:

In this session Sarb will discuss in depth those topics prioritised on day one by the audience.

Sarb Sembhi, CISO, Virtually Informed

11:25 - 11:50

Main Hall

Insight Session

Key findings and insights from yesterday’s Knowledge Pool sessions will be relayed to help define the action points and discoveries for the whole audience to digest and to help plan for implementation.

Run by table hosts

11:50 - 12:15

Cyber Engage Huddle 10

Information Security Stream Huddle: Reserved for Solution Partner

Application Security Stream Huddle:

Engage Huddle 10: Panel Discussion: Securing Multi-Cloud Infrastructure.

With misconfigurations and human error causing most data security breaches on the organisation’s cloud services, this panel will look at ways to better understand the cloud environment and its posture.

Audience Led

12:20 - 12:45

Cyber Engage Huddle 11

Information Security Stream Huddle: 

Engage Huddle 11: Keeping up with the complex and evolving threat landscape.

Implementing threat detection and response is a major challenge in the increasingly complex and evolving threat landscape. Keeping up in this environment requires continuous evolution and improved threat detection content, all putting more pressure on the enterprise’s resources. This panel will discuss strategies to keep up with the rapidly evolving threat landscape.

Audience Led

Application Security Stream Huddle: ASPM – Application Security Posture Management 

This Huddle will look at identifying the key stakeholders who will use an ASPM solution, to ensure support and success.

Audience Led

12:45 - 13:45

Restaurant

Networking Lunch 

13:45-14:15

Open floor session: Cyber security – A mental health minefield

The weight of stress and anxiety on cyber security professionals is mounting. Increased IT complexity, unrealistic expectations from the board, skill shortages and a growing volume of security threats are creating an overly strained working environment, all putting the mental and physical wellbeing of security professionals at risk.

This session will give an update on the work of the Mental Health in Cyber Security Foundation and its Community of Practice and the work in this area, and discuss what professionals need / want and strategies to help avoid issues within their teams.

Sarb Sembhi, Chair, Mental Health in Cyber Security Foundation

Bec McKeown, Founder and Principal Psychologist, Mind Science Ltd

Peter Olivier, Head of Security Delivery, Admiral Insurance

Paul Simms, Director of Cyber Security & Compliance, Lumanity

Mike Backinsell, Global Deputy CISO, ManpowerGroup

14:15 – 14:45

Panel: Solving the cybersecurity talent gap. Reskilling and Upskilling Strategies.

With the talent shortage growing in the information security industry, CISOs and their teams come under enormous pressure in addressing the ever-increasing threats.

This panel will explore how reskilling programmes can help bridge the gap, meet skill requirements and foster loyalty and retention.

Duncan Hayes, Head of Cyber Defence, Hargreaves Lansdown

14:45 – 15:15

Key Takeaways:

Summary of the key themes and takeaways from the second day and a chance to join working groups to create papers and toolkits to help disseminate key learnings through the wider Cyber Security community.

15:15

End of Day Two