Agenda

Day One 9th July 2025

Registration & Coffee 

Introduction from Forum Chair

Sarb Sembhi, CISO, Virtually Informed

Panel Discussion: Third Party Cyber Security Challenges in the Public Sector and the Cyber Security and Resilience Bill

As the attack surface has expanded dramatically in the last few years, so have the number and severity of security breaches originating from third parties, with nearly three-quarters of organisations experiencing a cyberattack originating through their software supply chain.
In this Panel we will be discussing vendor risk management, overcoming lack of resources combined with an exponentially growing third party population as well as navigating regulatory requirements.

Vicki Gavin, Cyber Security Business Partner, NHS England

Panel Discussion: Breaking down barriers with organisation’s leadership. Imparting the value of security

With IT security leaders becoming personally accountable for transparency, even fraud, on behalf of their organisation it is imperative that leadership teams grasp the gravity of security risks. This panel will discuss experiences in ensuring meaningful adoption and integration of security best practices, sufficient, upfront, investment and funding.

Jack Ciezak, Information Technology Infrastructure Manager, Princess Alexandra Hospital NHS Trust
Chris Trinder, Head of Technology, Central Bedfordshire Council
Detective Sergeant Ozan Bagatirlar, Cyber Crime Unit, Metropolitan Police

Coffee Break & Networking 

Engage Huddle 1: Optimising the stack

With tool sprawl not only being unnecessarily costly, but it also creates blind spots leaving the organisation at risk.
This Huddle will assess best practices from the participants optimising their security stack.

Audience Led – peer to peer interaction.

Engage Huddle 2: Reserved for Zerto HPE

Panel Session: Ransomware/Cyber-attack playbook

Minimising the impact of a cyber security incident. What steps to take in case of a ransomware attack.

In this session we will explore how to respond effectively and efficiently to cyber incidents and its part within the wider business continuity plan.

Rob Long, Head of Information Assurance, Bath & North East Somerset Council
Detective Sergeant Ozan Bagatirlar, Cyber Crime Unit, Metropolitan Police
Gerardo Del Guercio MBE, Head of Technology and Solutions, Prostate Cancer UK

Engage Huddle 3: Enhancing Security with Automation

With an ever-increasing complexity of security ecosystems, skills shortage and public scrutiny on spending, security teams are pressed to find the optimal automation to enhance overall productivity and effectiveness. In this session we will explore opportunities to enhance the security posture through different means of automation.

Audience Led – peer to peer interaction.

Huddle 4: Spycloud

Networking Lunch

Audience Exercise: Cyber Escape Room – Embark on a thrilling race against time!

Run by the Cyber Protect Team at the Metropolitan Police, you, and your cyber team for the day, will need to solve a variety of cyber security issues such as ransomware, phishing, data leakage and passwords. The exercise is followed by a debrief putting each topic covered into context.

May the best Team win!

Cyber Protect Team, Metropolitan Police

Coffee Break & Networking

Engage Huddle 5: Preventing a cyber-attack? Is there a consensus on best practice?

Audience Led – peer to peer interaction.

Engage Huddle 6: Integrating Digital Identity into your cybersecurity and resilience strategy – providing users a secure and privacy-respecting experience

In this session you will discuss balancing adoption of new digital tools and platforms with long term strategy goals.

Audience Led – peer to peer interaction.

Engage Huddle 7: Reducing the impact of ransomware on your business

In this huddle, we’ll discuss ransomware attacks and explore the best strategies for prevention, detection, and swift recovery in the event of an attack.
Audience Led – peer to peer interaction.

Insight Keynote: Latest updates in the Information Security arena

This session will be a run-through on most important changes in the past 6 months that are impacting on information security operations. What do we need to be aware of, act on, consider acting on, and what impact do these have on our ability to manage security effectively.
Sarb Sembhi, CISO, Virtually Informed

Panel Discussion: Establishing a robust Security Culture

With cyber security culture programs often failing to reach the hearts and minds of the organisation, we will discuss influencing how employees feel about security, desirable behaviours, and what metrics to use making it a deeply rooted part of the organisation’s psyche.

 Vicki Gavin, Cyber Security Business Partner, NHS England

Jia Fu, Head of Cyber Security, British Film Institute

Key Take Aways Session & End of Day 1
Summary of the key themes and takeaways from the first day & Check-in

Welcome drink and 3 Course Networking Dinner

Day 2 10th July 2025

Registration & Coffee

Day 1 recap from Event Chair

Panel Discussion: Overcoming Security Awareness Training Pitfalls

Cybersecurity training faces several key challenges, including maintaining relevance in a rapidly evolving threat landscape, ensuring employee engagement and retention of knowledge, and addressing the practical implementation of security measures in real-world scenarios. Furthermore, overcoming employee resistance to change and demonstrating the tangible impact of training are significant hurdles. In this panel session you will explore best practices with the full audience.

Jack Ciezak, Information Technology Infrastructure Manager, Princess Alexandra Hospital NHS Trust

Sapna Chada, CEO, Cyber Resilience Centre for London

Panel Discussion: What do we need to do to get value from AI and what to plan for going forward on the continuum?

While more and more organisations are reaping the immediate benefits of increased efficiency and innovation thanks to AI, many do not have a defined roadmap allowing for longer term planning of the growing AI ecosystem. In this session we will share experiences around due diligence needed before implementing AI solutions, planning for the accelerating use of AI.

Rob Long, Head of Information Assurance, Bath & North East Somerset Council

Ollie Ringguth, Cyber Business Partner, NHS England

Coffee Break & Networking

Engage Huddle 8: Recovering from a cyber attack

• Who do you inform first?
• Should your DR plan include communication processes?
• What methods can be used to minimise reputational damage?

Audience Led – peer to peer interaction.

Engage Huddle 9: Reserved for Solution Provider

Audience Led – peer to peer interaction.

Knowledge Pools:

In this session you will engage in three curated discussions regarding technical challenges facing today’s It Security professional. Details of this session will be reviewed by our speaker faculty & Chair and findings will be fed back at the end of the session to decide on which topics will have working groups created to help produce reports and toolkits to be distributed across the wider Cyber Security community.

Engage Huddle 10: Social Engineering

With employees, suppliers and client being targeted by cyber criminals, they can circumvent the security defences by merely logging in. This huddle will discuss strategies to protect the human endpoints.

Audience Led – peer to peer interaction.

Engage Huddle 11: Keeping up with the complex and evolving threat landscape

 Implementing threat detection and response is a major challenge in the increasingly complex and evolving threat landscape. Keeping up in the environment requires continuous evolution and improved threat detection content. All putting more pressure on the enterprise’s resources. This panel will discuss strategies to keep up with the rapidly evolving threat landscape.

Audience Led – peer to peer interaction.

Networking Lunch

Open floor session: Cyber security – A mental health minefield

The weight of stress and anxiety on cyber security professionals is mounting. Increased IT complexity, unrealistic expectations from the board, skill shortages and a growing volume of security threats are creating an overly strained working environment, all putting the mental and physical wellbeing of security professionals at risk.

This session will update the work of the Mental Health in Cyber Security Foundation and it’s Community of Practice and the work in this area and discuss what professionals need / want and strategies to help avoid issues within their team.

 Sarb Sembhi, Chair, Mental Health in Cybersecurity Foundation

Amanda Finch, CEO, Chartered Institute of Information Security

Goher Mohammad, CISO, L&Q

Panel Session: Lessons learned implementing the Cyber Assessment Framework (CAF)

 In this session the audience will share their best practices implementing CAF, overcoming challenges and how the framework can be used for all public sector and non-profit bodies.

Chris Trinder, Head of Technology, Central Bedfordshire Council

Key Take Aways Session:

Summary of the key themes and takeaways from the second day and a chance to join working groups to create papers and toolkits to help disseminate key learnings through the wider Cyber Security community.

End of Day Two and Forum