Agenda

►Government Cyber Action Plan

Alex Harris, Head of Future Cyber Capability, Cabinet Office

Last year, Alex outlined the scale of the cyber challenge faced by government and the public sector. This presentation will set out how DSIT's Government Cyber Action Plan aims to meet these challenges.

►Building Resilience Through Experience: Lessons from Recent Cyber Attacks

Mike Owen, Deputy Director Cyber Operations, NHS England

• How real-world cyber attacks unfolded in the NHS, including what worked, what failed, and the practical lessons learned from responding under pressure.
• Key strategies for building organisational cyber resilience, drawn from first-hand experience of managing incidents in a complex, high-impact environment.
• Actionable insights leaders can apply immediately to improve preparedness, decision-making, and recovery before, during, and after a cyber attack.

►Post Quantum Cryptography within Life Sciences

Zak Pantelli, Distinguished Architect & Senior Director - Data Security & Cryptography, GSK

• Understanding of PQC and the impact on life sciences.
• Why crypto procrastination is causing delay in implementation.
• Understanding of PQC migration approaches.

►Panel Discussion: Third Party and Beyond: Where Modern Breaches Begin

• How do you identify and manage the potential single point of failure in subcontracting (4th parties)
• When in-house AI is strictly controlled, how do you manage new AI introduced via third party add-ons
• How can you detect and prevent shadow IT and shadow procurement
• How do you approach changing the culture around the onboarding process

Simon Brady, Event Chairman (Moderator)
Evie Wild, Information Security Officer, EMEA Region, LBBW Bank
Stephen Kingham, Senior Manager, Security Risk Specialists, Lloyds Banking Group
Adam Abdat, SOC Lead, easyJet

►Panel Discussion: Privilege Sprawl: The Ghost in the Machine

• How can IAM and Zero Trust expose and contain privilege sprawl before attackers turn it into a breach path?
• What cultural or operational changes are needed to shift from static access models to adaptive, continuously validated security?
• How do we balance usability and functionality in IAM

Steve Davies, Head of Cybersecurity, DLA Piper (Moderator)
Adam Lorimer, Director of Security Operations, University College London
Dhipa Lee, IAM Transformation Lead, NatWest Group

►Panel Discussion: From Human Error to Human Defence: The New Era of Cyber Culture

• How can we actively reducing the human and insider attack surface based on the patterns we keep seeing in recent breaches?
• How are you identifying and acting on live behavioural risk signals—beyond training completion—to prevent the next high-impact incident?
• How do we continuously reinforce secure behaviour through in-the-moment nudges, intentional friction, and visibility in daily workflows?
• How are you embedding leadership modelling, accountability, and reinforcement of secure behaviour as a sustained organisational control?

Nasser Arif, Cyber Security Manager, LNWUH NHS Trust (Moderator)
Janette Bonar Law, Information Security Operations Manager, Channel 4