Agenda

Presentations already confirmed include:


►Government Cyber Action Plan

Alex Harris, Head of Future Cyber Capability, Cabinet Office

Last year, Alex outlined the scale of the cyber challenge faced by government and the public sector. This presentation will set out how DSIT's Government Cyber Action Plan aims to meet these challenges.


►Building Resilience Through Experience: Lessons from Recent Cyber Attacks

Mike Owen, Deputy Director Cyber Operations, NHS England

  • How real-world cyber attacks unfolded in the NHS, including what worked, what failed, and the practical lessons learned from responding under pressure.
  • Key strategies for building organisational cyber resilience, drawn from first-hand experience of managing incidents in a complex, high-impact environment.
  • Actionable insights leaders can apply immediately to improve preparedness, decision-making, and recovery before, during, and after a cyber attack.

►Post Quantum Cryptography within Life Sciences

Zak Pantelli, Distinguished Architect & Senior Director - Data Security & Cryptography, GSK

  • Understanding of PQC and the impact on life sciences.
  • Why crypto procrastination is causing delay in implementation.
  • Understanding of PQC migration approaches.

►Panel Discussion: Third Party and Beyond — Where Modern Breaches Begin

Simon Brady, Event Chairman (Moderator)
Evie Wild, Information Security Officer, EMEA Region, LBBW Bank
Stephen Kinghan, Senior Manager, Security Risk Specialists, Lloyds Banking Group
Adam Abdat, SOC Lead, easyJet
Federico Charosky, Founder & CEO, Quorum Cyber

  • How do you identify and manage the potential single point of failure in subcontracting (4th parties)
  • When in-house AI is strictly controlled, how do you manage new AI introduced via third party add-ons
  • How can you detect and prevent shadow IT and shadow procurement
  • How do you approach changing the culture around the onboarding process

►Panel Discussion: Privilege Sprawl — The Ghost in the Machine

Steve Davies, Head of Cybersecurity, DLA Piper (Moderator)
Adam Lorimer, Director of Security Operations, University College London
Dhipa Lee, IAM Transformation Lead, NatWest Group

  • How can IAM and Zero Trust expose and contain privilege sprawl before attackers turn it into a breach path?
  • What cultural or operational changes are needed to shift from static access models to adaptive, continuously validated security?
  • How do we balance usability and functionality in IAM

►Panel Discussion: From Human Error to Human Defence — The New Era of Cyber Culture

Nasser Arif, Cyber Security Manager, LNWUH NHS Trust (Moderator)
Janette Bonar Law, Information Security Operations Manager, Channel 4
Holly-Jane Grayling, Security Culture and Awareness Lead, Tunstall Healthcare

  • How can we actively reducing the human and insider attack surface based on the patterns we keep seeing in recent breaches?
  • How are you identifying and acting on live behavioural risk signals—beyond training completion—to prevent the next high-impact incident?
  • How do we continuously reinforce secure behaviour through in-the-moment nudges, intentional friction, and visibility in daily workflows?
  • How are you embedding leadership modelling, accountability, and reinforcement of secure behaviour as a sustained organisational control?

►Fireside chat: Resilience: a revolution or just re-labelling?

Sarah Lawson, Director of Cybersecurity, Risk and Resilience (CISO), Oxford University Press
Spencer Scott, Global Head of Information Security, AllSaints & John Varnatos

  • Has “resilience” actually changed how you run your security operation day to day, or is it mainly a different way of describing the same controls and priorities you already had?
  • From “prevent and protect” to “ensure continuity of critical services”: you still need security, so is this just more work for the security team?
  • What investment trade-offs do you now make between prevention and business continuity? Have your technology focuses changed?
  • Does a resilience mindset de-prioritize some kinds of breach/loss (e.g. partial customer data, GDPR)? And does it create less of a scapegoating security culture?

►Compliance as a Consequence: Driving Security, Enabling Assurance — A Telco Perspective

Simon Turner, Head of Security Governance and Compliance, BT Group

  • Reframing compliance as the natural result of strengthening governance, managing risk, and designing effective controls, rather than treating it as a standalone or periodic activity.
  • Unifying GRC efforts by embedding clear ownership, aligned controls, and security practices into daily operations while meeting overlapping regulatory and certification requirements.
  • Strengthening resilience and reducing waste by moving from chasing audit evidence to building systems where compliance is the outcome of doing security the right way.

Education seminars


AI vs AI: Navigating the New Era of the Cyber Battlefield


Céleste Manenc, Corporate Sales Engineer, CrowdStrike

Artificial intelligence is changing the pace and scale of cyber operations. Adversaries are using AI to accelerate reconnaissance, automate intrusion paths, and exploit weaknesses faster than traditional defenses can respond.In this session, CrowdStrike shares frontline insight into how this shift is unfolding across the global threat landscape. We examine how threat actors are applying AI today and what effective, AI-native defense looks like in practice. The discussion focuses on practical decision-making, resilience, and how organisations can apply AI with discipline to stay ahead as adversaries continue to evolve.

Attendees will learn:

  • How AI is being operationalised by modern adversaries
  • Where AI delivers real advantage in detection and response
  • What defines an effective AI-native security approach
  • How to combine machine intelligence and human expertise to reduce risk

Rethinking Access, Securing the Tools and Devices You Don’t Control


Andy Mayle, Senior Manager, Solutions Engineer, 1Password

How do you offboard someone from an app you didn’t know they used? Or secure a device you don’t manage? In a world of AI agents, shadow IT, and hybrid work, traditional access tools fall short. This session explores how access security must evolve, so you can govern AI, protect unmanaged tools and devices, and empower work without holding teams back.

Attendees will learn:

  • Where access security fails in the age of AI agents, shadow IT, and hybrid work
  • How to regain visibility and control over apps, tools, and devices you don’t own or manage
  • Practical approaches to securing access without slowing teams or blocking innovation

From Hype to Advantage: Operationalizing AI in the Modern SOC


Carlo Minassian, Founder & CEO, LMNTRIX

AI in cybersecurity is everywhere right now. Copilots, assistants, auto-everything. But here’s the thing. Most of it is still surface-level automation dressed up as intelligence. This session cuts through the hype and shows what real, operational AI looks like inside a modern SOC. Carlo Minassian, Founder and CEO of LMNTRIX, shares how an agentic AI approach is being used in production to investigate alerts, reason across telemetry, and execute response actions with humans in the loop. Instead of adding another dashboard or chatbot, LMNTRIX built AI directly into the detection and response workflow.

Attendees will see a live demonstration of Artemis, an autonomous investigation engine that correlates signals across endpoint, identity, cloud, and network, and LISA, a conversational security assistant that explains incidents, recommends actions, and collaborates with analysts in real time via chat and console. The talk walks through what AI is genuinely good at today, where expectations are unrealistic, and how CISOs can apply AI safely and pragmatically to reduce noise, speed investigations, and improve resilience without losing control or transparency. If you care about measurable outcomes like faster investigations, fewer false positives, and less analyst burnout, this session shows what works and what to ignore.

No theory. No slideware. Just real-world AI for cyber defence, demonstrated live.

Attendees will learn:

  • How agentic AI can autonomously triage, investigate, and respond to threats across multiple security layers
  • A live walkthrough of Artemis and LISA handling real alerts end to end
  • Practical guidance on where GenAI adds value in the SOC and where it doesn’t
  • How to reduce Tier-1 workload, cut noise, and materially improve MTTD and MTTR without adding more tools

The 2026 Attackers playbook: Hacking Trust


Tom Rossdale, Sales Engineer Director, Varonis

Attackers are no longer just hacking systems. They are hacking trust - exploiting human relationships and digital identities to gain access and move undetected. In this 2026 planning session, Tom Rossdale will walk you through the entire attack journey, from the first phishing email to the final payload. He’ll share real-world examples of the attack techniques we encounter every day, and show you how to stay one step ahead.

Attendees will learn:

  • How phishing and social engineering open the door for attackers 
  • How AI is powering smarter, faster, more personalized attacks
  • A detailed walkthrough of the full attack chain
  • What’s changed since the last Attacker’s Playbook and what to expect in