Agenda

Presentations already confirmed include:


►Government Cyber Action Plan

Alex Harris, Head of Gov Cyber Implementation, Government Cyber Unit, Department for Science, Innovation and Technology

Last year, Alex outlined the scale of the cyber challenge faced by government and the public sector. This presentation will set out how DSIT's Government Cyber Action Plan aims to meet these challenges.


►Building Resilience Through Experience: Lessons from Recent Cyber Attacks

Mike Owen, Deputy Director Cyber Operations, NHS England

  • How real-world cyber attacks unfolded in the NHS, including what worked, what failed, and the practical lessons learned from responding under pressure.
  • Key strategies for building organisational cyber resilience, drawn from first-hand experience of managing incidents in a complex, high-impact environment.
  • Actionable insights leaders can apply immediately to improve preparedness, decision-making, and recovery before, during, and after a cyber attack.

►Post Quantum Cryptography within Life Sciences

Zak Pantelli, Distinguished Architect & Senior Director - Data Security & Cryptography, GSK

  • Understanding of PQC and the impact on life sciences.
  • Why crypto procrastination is causing delay in implementation.
  • Understanding of PQC migration approaches.

►Panel Discussion: Third Party and Beyond — Where Modern Breaches Begin

Simon Brady, Event Chairman (Moderator)
Evie Wild, Information Security Officer, EMEA Region, LBBW Bank
Stephen Kinghan, Senior Manager, Security Risk Specialists, Lloyds Banking Group
Adam Abdat, SOC Lead, easyJet
Federico Charosky, Founder & CEO, Quorum Cyber

  • How do you identify and manage the potential single point of failure in subcontracting (4th parties)?
  • When in-house AI is strictly controlled, how do you manage new AI introduced via third party add-ons?
  • How can you detect and prevent shadow IT and shadow procurement?
  • How do you approach changing the culture around the onboarding process?

►Panel Discussion: Privilege Sprawl — The Ghost in the Machine

Steve Davies, Head of Cybersecurity, DLA Piper (Moderator)
Adam Lorimer, Director of Security Operations, University College London
Dhipa Lee, IAM Transformation Lead, NatWest Group

  • How can IAM and Zero Trust expose and contain privilege sprawl before attackers turn it into a breach path?
  • What cultural or operational changes are needed to shift from static access models to adaptive, continuously validated security?
  • How do we balance usability and functionality in IAM?

►Panel Discussion: From Human Error to Human Defence — The New Era of Cyber Culture

Nasser Arif, Cyber Security Manager, LNWUH NHS Trust (Moderator)
Janette Bonar Law, Information Security Operations Manager, Channel 4
Holly-Jane Grayling, Security Culture and Awareness Lead, Tunstall Healthcare
Adeiza Yisa, Business Information Security Office, Shell

  • How can we actively reduce the human and insider attack surface based on the patterns we keep seeing in recent breaches?
  • How are you identifying and acting on live behavioural risk signals—beyond training completion—to prevent the next high-impact incident?
  • How do we continuously reinforce secure behaviour through in-the-moment nudges, intentional friction, and visibility in daily workflows?
  • How are you embedding leadership modelling, accountability, and reinforcement of secure behaviour as a sustained organisational control?

►Fireside chat: Resilience: a revolution or just re-labelling?

Sarah Lawson, Director of Cybersecurity, Risk and Resilience (CISO), Oxford University Press
Spencer Scott, Global Head of Information Security, AllSaints & John Varvatos

  • Has “resilience” actually changed how you run your security operation day to day, or is it mainly a different way of describing the same controls and priorities you already had?
  • From “prevent and protect” to “ensure continuity of critical services”: you still need security, so is this just more work for the security team?
  • What investment trade-offs do you now make between prevention and business continuity? Have your technology focuses changed?
  • Does a resilience mindset de-prioritize some kinds of breach/loss (e.g. partial customer data, GDPR)? And does it create less of a scapegoating security culture?

►Compliance as a Consequence: Driving Security, Enabling Assurance — A Telco Perspective

Simon Turner, Head of Security Governance and Compliance, BT Group

  • Reframing compliance as the natural result of strengthening governance, managing risk, and designing effective controls, rather than treating it as a standalone or periodic activity.
  • Unifying GRC efforts by embedding clear ownership, aligned controls, and security practices into daily operations while meeting overlapping regulatory and certification requirements.
  • Strengthening resilience and reducing waste by moving from chasing audit evidence to building systems where compliance is the outcome of doing security the right way.

►Ready to Recover: The True Test of Cyber Resilience

Andy Giles, Executive Director, Cyber & Technology Risk Reporting and Metrics, JPMorgan Chase

  • How the threat has changed — the rise of state-based and hybrid cyber activity, and the deteriorating threat environment.
  • Prepare to fail — why resilience incidents are not hypothetical but inevitable, and why readiness must be cultural, not procedural.
  • Match fit for recovery — what it means to be ready for data and systems restoration under real-world conditions.
  • Knowing when “good enough” is good enough — how to measure resilience in ways that are predictive, embedded, and aligned with risk appetite.

►Malicious vs. Defensive: How AI is Changing Cybersecurity

Mick Leach, Field CISO, AbnormalAI

  • Are your defences ready for AI-powered email threats? Generative AI now lets attackers launch highly personalised, large-scale phishing and BEC campaigns that slip past traditional red flags and human review
  • How will you augment human judgment to keep pace with AI-driven attacks? Pair your people and legacy tools with intelligent, automated detection that learns behavioral patterns and flags subtle anomalies before damage is done
  • What steps will you take to put defensive AI in front of malicious AI? Deploy real-time, behavior-based email security that can detect and stop AI-generated attacks at scale, and turn its insights into concrete actions to harden your defences

►Why Zero Trust is the answer to securing AI

Trevor Dearing, Director, Industry Solutions, Illumio

  • Who could have guessed that business would still be transforming? This time it is a big one - AI 
  • How do we protect our AI, protect ourselves from AI, and use AI to protect ourselves? 
  • Look at how we build resilience into our AI projects and use Zero Trust to save our future

►AI, Exposure Management and the Future of Pentesting

Chris Wallis, Founder & CEO, Intruder

  • Faced with an overwhelming number of newly discovered vulnerabilities, organisations are turning to CTEM and penetration testing to try and beat the attackers and prevent breaches
  • However, each approach comes with very different strengths and weaknesses, meaning organisations have to trade off cost, frequency, testing time, and depth of checks when choosing how to use them
  • The gap between CTEM and penetration testing can seem large, so this talk will explore how AI can act as a bridge between them, and counteract some of those trade-offs
  • We will discuss the role of pentesting as the industry moves towards CTEM, examples of where we've seen AI successfully move the needle, and why even the best agentic systems are not a replacement for the human element

Education seminars


AI vs AI: Navigating the New Era of the Cyber Battlefield


Céleste Manenc, Corporate Sales Engineer, CrowdStrike

Artificial intelligence is changing the pace and scale of cyber operations. Adversaries are using AI to accelerate reconnaissance, automate intrusion paths, and exploit weaknesses faster than traditional defenses can respond. In this session, CrowdStrike shares frontline insight into how this shift is unfolding across the global threat landscape. We examine how threat actors are applying AI today and what effective, AI-native defense looks like in practice. The discussion focuses on practical decision-making, resilience, and how organisations can apply AI with discipline to stay ahead as adversaries continue to evolve.

Attendees will learn:

  • How AI is being operationalised by modern adversaries
  • Where AI delivers real advantage in detection and response
  • What defines an effective AI-native security approach
  • How to combine machine intelligence and human expertise to reduce risk

Rethinking Access, Securing the Tools and Devices You Don’t Control


Andy Mayle, Senior Manager, Solutions Engineer, 1Password

How do you offboard someone from an app you didn’t know they used? Or secure a device you don’t manage? In a world of AI agents, shadow IT, and hybrid work, traditional access tools fall short. This session explores how access security must evolve, so you can govern AI, protect unmanaged tools and devices, and empower work without holding teams back.

Attendees will learn:

  • Where access security fails in the age of AI agents, shadow IT, and hybrid work
  • How to regain visibility and control over apps, tools, and devices you don’t own or manage
  • Practical approaches to securing access without slowing teams or blocking innovation

From Hype to Advantage: Operationalizing AI in the Modern SOC


Carlo Minassian, Founder & CEO, LMNTRIX

AI in cybersecurity is everywhere right now. Copilots, assistants, auto-everything. But here’s the thing. Most of it is still surface-level automation dressed up as intelligence. This session cuts through the hype and shows what real, operational AI looks like inside a modern SOC. Carlo Minassian, Founder and CEO of LMNTRIX, shares how an agentic AI approach is being used in production to investigate alerts, reason across telemetry, and execute response actions with humans in the loop. Instead of adding another dashboard or chatbot, LMNTRIX built AI directly into the detection and response workflow.

Attendees will see a live demonstration of Artemis, an autonomous investigation engine that correlates signals across endpoint, identity, cloud, and network, and LISA, a conversational security assistant that explains incidents, recommends actions, and collaborates with analysts in real time via chat and console. The talk walks through what AI is genuinely good at today, where expectations are unrealistic, and how CISOs can apply AI safely and pragmatically to reduce noise, speed investigations, and improve resilience without losing control or transparency. If you care about measurable outcomes like faster investigations, fewer false positives, and less analyst burnout, this session shows what works and what to ignore.

No theory. No slideware. Just real-world AI for cyber defence, demonstrated live.

Attendees will learn:

  • How agentic AI can autonomously triage, investigate, and respond to threats across multiple security layers
  • A live walkthrough of Artemis and LISA handling real alerts end to end
  • Practical guidance on where GenAI adds value in the SOC and where it doesn’t
  • How to reduce Tier-1 workload, cut noise, and materially improve MTTD and MTTR without adding more tools

The 2026 Attacker's Playbook: Hacking Trust


Tom Rossdale, Sales Engineer Director, Varonis

Attackers are no longer just hacking systems. They are hacking trust - exploiting human relationships and digital identities to gain access and move undetected. In this 2026 planning session, Tom Rossdale will walk you through the entire attack journey, from the first phishing email to the final payload. He’ll share real-world examples of the attack techniques we encounter every day, and show you how to stay one step ahead.

Attendees will learn:

  • How phishing and social engineering open the door for attackers 
  • How AI is powering smarter, faster, more personalized attacks
  • A detailed walkthrough of the full attack chain
  • What’s changed since the last Attacker’s Playbook and what to expect in

The Impact of AI on Application Risk: From Prevention to Control


John Wood, EMEA Sales Director, Contrast Security

AI is accelerating software development beyond the pace traditional security models were designed for. AI-assisted coding increases speed and productivity, but it also changes how vulnerabilities enter applications. Code is generated and modified at scale, often without deep review of every dependency or execution path. The development system has changed - security models built for slower cycles are under strain. Attackers are evolving just as quickly. AI enables faster discovery of weaknesses, quicker adaptation of exploits and lowers the skill required to launch effective attacks. The window between vulnerability introduction and exploitation is shrinking. Relying solely on pre-production controls is no longer realistic.

Vulnerabilities in production are not exceptions - they are inevitable. The strategic question is not how to eliminate every flaw before release, but how to manage risk once software is live. That requires a shift from prevention as the primary control to visibility, containment and response in production. SAST, DAST and secure coding remain essential. But they must be complemented by production-aware controls that distinguish theoretical risk from real, reachable and exploited behaviour. In an AI-accelerated world, resilience depends on understanding what is happening inside running applications - and acting accordingly.

Attendees will learn:

  • AI accelerates both delivery and vulnerability discovery
  • Pre-production security is necessary but insufficient on its own
  • Vulnerabilities in production should be assumed
  • Effective risk management requires visibility and control inside live applications

Harnessing the OODA Loop: Elevating Cyber Defence with AI


Andrew Yeates, Senior Sales Engineer, Illumio

Threat actors are more focused than ever on exploiting artificial intelligence to speed up their attacks and improve their effectiveness, fundamentally altering the dynamics of cyber defence. In this context, the principles of Colonel John Boyd's OODA Loop (Observe, Orient, Decide, Act) are more relevant than ever, particularly when AI is applied to outpace adversaries operating at machine speed. This discussion explores how Illumio uses AI-driven analytics to operationalise the OODA Loop, enabling organisations to detect, understand, and respond to threats faster than human-led processes alone can achieve.

Attendees will learn:

  • The new risks of pervasive AI in today's world
  • Considerations for an effective AI-enabled defence-in-depth strategy
  • How to use AI to stay ahead of AI-driven adversaries

On the Front Lines of AI Powered Email Attacks: Stories from Security Leaders


Mick Leach, Field CISO, AbnormalAI

Security teams are seeing a rise in highly tailored phishing and business email compromise attacks that look and feel like genuine business communication. In this session, you will hear directly from security leaders on the front lines—the tactics attackers are using, where traditional tools and manual reviews are falling short, and what ultimately forced them to rethink their approach to email security. They will share the actions they have taken, from securing executive and board buy-in to rolling out defensive AI, tuning policies, and measuring impact. You will walk away with clear, real-world examples of what “good” looks like and practical steps you can take to defend your organisation against AI-powered email threats.

Attendees will learn:

  • What can you learn from how AI-powered attacks are hitting peers today? Hear customers walk through real phishing, BEC, and vendor fraud attempts that slipped past legacy tools and looked like everyday business email
  • How do you know it’s time to change your email security strategy? Learn what inflection points pushed our customers to act, and how they built the business case, aligned executives and the board, and shifted from manual review to AI-driven detection and response
  • What would a practical roadmap to defensive AI look like in your organisation? Leave with a clear, customer-tested blueprint—from first steps and quick wins to tuning policies, measuring success, and strengthening resilience while reducing analyst workload

Your Perimeter is on the Front Lines: Attack Surface Reduction as a Primary Defence


Dan Andrew, Head of Security, Intruder

This education seminar will provide a deep-dive into core concepts and practical recommendations for Attack Surface Management (ASM) and Asset Discovery. Your perimeter is on the front line, and good patch management alone is not enough to protect it. You should leave this session with a better idea of how to blend ASM and Asset Discovery with Patch Management for a robust exposure management process. We will run through examples of attack surface risks, real-world vulnerabilities affecting internet exposed tech, and why implementing an ASM process is critical alongside patch management. It may be tempting to fall back on just patching your biggest *known* threats, but some of the biggest risks are vulnerabilities that are not yet publicly known. These threats do not have a CVSS score, and attack surface management is your primary defence. Learn how to future-proof your perimeter.

Asset Discovery is also an essential part of managing your attack surface. Keeping track of your internet exposed IPs and domains is far from trivial, and cloud environments in particular make this challenge harder. Losing track of some of your assets is no longer an embarrassing mistake - it's an unavoidable reality. We will show some examples of how this happens, and give a practical approach to asset discovery which helps you keep track, and avoid systems slipping outside of your exposure management process entirely.

Attendees will learn:

  • Integrating Attack Surface Management into your Patch Management process - defining ASM as a Primary Defence that's proactive, not reactive
  • Prioritisation considerations and why Informational risks are Criticals waiting to happen. Why not all 'Criticals' are equal, and why CVSS is not king
  • The importance of Asset Discovery to find Shadow IT and build a realistic view of your Attack Surface. Practical recommendations on how to approach this

Building Cyber Resilience for the AI Era


Commvault

The cyber-attack surface is evolving exponentially. AI-powered threats are exploiting vulnerabilities faster than ever, while cloud-first architectures have created new exposure points demanding fresh protection strategies. The question isn't if your organisation will face an attack—it's when. Will your data be protected? Can your business recover? Join Commvault as we explore the modern threat landscape and demonstrate why an optimised cyber resilience strategy is imperative.

Attendees will learn:

  • How AI is transforming attack velocity and sophistication
  • Why cloud-first enterprises must rethink security and recovery
  • Practical frameworks for ensuring business continuity when threats become reality
  • Real-world lessons from the front lines of enterprise cyber resilience

From Background Noise to Actionable Intel: Harnessing Mass Scanning and Deception for Defence


Dan Strivens, EMEA SE, GreyNoise Intelligence 

This workshop will give participants a fresh perspective and a technical understanding of mass scanning and internet noise, how attackers use those as tools, and how defenders can enhance their perimeter security using data from large-scale deception technology alongside localised sensor deployments. Given the scale of attacker infrastructure and the speed at which they can deploy exploits against new vulnerabilities, increasing visibility of potential attacks, and distinguishing between what is generic and what is targeted, is of the utmost importance.

Attendees will learn:

  • How to use GreyNoise to filter out background noise and hunt for bad actors
  • How trends in vulnerability exploitation can help prioritise mitigation and fixes, as well as early warning signals to new vulnerability disclosures
  • The place of deception technology in cyber security

Sweden Under Attack: A Blueprint for ProAIctive Defence


Andy Quaeyhaegens, Consultant Channel Solutions Engineer, Netskope

With Swedish enterprises under constant fire from AI-powered threats, protecting your assets requires more than a firewall. Learn how Netskope’s context-aware security moves you from static 'No' to intelligent 'Know,' providing full data control across the AI frontier. Don't just defend; take the AI fast lane with confidence.