Agenda

08.00 - 08.50

Breakfast networking and registration 

08.50 - 09.00

Chairman's welcome

09.00 - 09.20

► In it for the long run; building a sustainable solution to cyber security resourcing 

Craig McEwen, Global Head of Cyber Operations, Anglo American

  • Current state of affairs – Attacks etc
  • Current state of affairs – Recruitment figures
  • Future touch points – OT (blended or dedicated and a complete lack of existing skill in the OT area)
  • Winning the war, not the battle – Apprenticeships, talent development etc
  • What should we be looking for – What is easier to train, cyber skill or natural talent/analytical mind etc.

09.20 - 09.40

► Communicating with the Board effectively – Security strategy definition 101

Antonio Campos Dionisio, Group CIO and Frank Murray, CISO, Associate Vice President – IT Security, Risk & Business Resilience, MIG Holding 

  • Understanding your stakeholders. Identify different functions’ business risks, and communicate your message accordingly
  • Hacking the boardroom. Gaining executive management buy-in by adopting the model of a hacker 
  • Defining your priorities. It’s not just about the budget or the underlying technologies. Understand the value for the business instead of “just squeezing money” out of the board

09.40 - 10.00

► The dark secrets of the Dark Web: an insight into this unique asset and risk, and how it differs from other sources of intelligence

Nour Fateen, Pre-sales Consultant, Recorded Future

  • Real-world examples of threat actor activities in dark marketplaces 
  • Methods for uncovering emerging threats using Dark Web sources

10.00 - 10.20

► The Emergence of Credential Stuffing and Cybercriminal AI

Shuman Ghosemajumder, CTO, Shape Security

  • Credential stuffing has been named by CSO Online as the #1 most significant security issue in 2019.
  • Shuman Ghosemajumder, CTO of Shape Security, will explain how this threat has evolved, starting from when Shape first introduced the term to the marketplace over seven years ago, to how it gained international prominence in numerous sophisticated public attacks.
  • He will also provide insights into the heightened challenges businesses are facing as a result of cybercriminals leveraging AI to attack websites and mobile apps in these cases.

10.20 - 11.00

Education Seminar Session 1

Delegates will be able to choose from a range of topics:

  • Risky Business: A Privacy & Security Team’s Guide to Risk Scoring, Ian Evans, Managing Director, EMEA, OneTrust
  • The Ceaseless Evolution of Consumer Transformation, Tim Ayling, Kaspersky Fraud Prevention Lead, Kaspersky Lab
  • Re-evaluating data security in modern, multi-faceted environments, Slam Laqtib, Sr. Product Manager, Thales
  • Threat Actor - A Love Story?, Andrew De Lange, Solutions Consultant, Anomali

11.00 - 11.30

Networking and refreshments 

11.30 - 11.50

► Running the risks and regulations. The insider truth on cyber risk management

Christos Christou, Chief Compliance Officer, Lulu Exchange

  • Introduction to AML/CFT Risk Management – the Regulatory Requirements
  • Security – what is required from a business perspective and how important is security to the decision to make or buy?
  • Cloud vs Hosted Services – what is the business perception and what is the Regulatory Requirement
  • How do we manage the AML/CFT Risk and Security in Lulu Financial Group?

11.50 - 12.10

► Harnessing the Power of a Digital Identity Network: Reducing eCrime, Building Trust

Andy Renshaw, Senior Director, Market Planning, Fraud and Identity, ThreatMetrix

  • How harnessing a global view of trust, and risk, helps detect and block advanced fraud.
  • Building trust using digital identity intelligence can help better distinguish between good customers and fraudsters in near real time.
  • An analysis of recent attack patterns and fraud typologies from the ThreatMetrix Digital Identity Network, which analyzes 110 million transactions a day.

12.10 - 12.30

► FILES: The Enfant Terrible of Any IT Environment

Nicolai Solling, Chief Technology Officer, Help AG Middle East

  • There are thousands of file formats and they are ultimately the agents that deliver everything from a website to an attachment in your inbox. While files are good and deliver functionality, they can also be bad, weaponized delivery vehicles for malware.
  • In this session we will talk about files, the types one should be extra careful about and how these are utilized in social engineering, malware and crypto attacks.
  • In a world where attackers have more resources and capabilities than ever, we will discuss how small changes and new technologies can significantly increase your robustness against both file-based and file-less attacks.

12.30 - 12.50

► Stop Attacks Targeting Industrial Control, ICS-SCADA and Other Vital Systems

Atiq Raza, CEO & Bobby Gupta, VP of Sales for APAC and EMEA, Virsec Inc

  • Critical infrastructure systems around the world are under assault from targeted cyberattacks seeking to cause damage, disruption, theft and significant financial losses. Advanced attacks like Stuxnet, BlackEnergy, Triton, and Industroyer bypass conventional security and subvert legitimate applications and processes to infiltrate sensitive systems.
  • Virsec is the first solution to provide ICS cyber security and protect industrial control systems (ICS), supervisory control and data acquisition (SCADA), and other mission-critical applications at the process memory level. Acting as a memory firewall, Virsec scrutinizes application process memory to ensure that critical applications only behave as intended and aren’t corrupted by advanced exploits.

12.50 - 13.30

► Education Seminar Session 2

Delegates will be able to choose from a range of topics:

  • Using SABSA techniques to develop a Cyber Security Strategy, Michael Hirschfeld, Cyber Security Adviser, SABSA
  • A Privacy Playbook for "Reasonable and Appropriate" Security Measures and Safeguards, Ian Evans, Managing Director, EMEA, OneTrust
  • Offensive Security Testing with a Hacker mindset, Ron Peeters, Managing Director EMEA, Synack
  • Let’s Demystify Cloud Security!, Ilmaz (Kory) Kashkooli, Managing Director, TNCT

13.30 - 14.30

Lunch and networking 

14.30 - 14.50

Getting Smart about threat intelligence 

Ebrahim AL-Alkeem, Information Security Manager, ENEC

  • How AI impacts and aids threat intelligence: how are they using AI in the cybersecurity effort?
  • How and where to invest in AI and machine learning tools

14.50 - 15.10

► Synchronized Security: Cybersecurity as a System

Malay Upadhyay, Technical Head Middle East, Sophos

  • Ever changing threat landscape
  • How a tightly integrated cybersecurity system enables you to stay ahead of the adversaries and nation state attacks
  • How to turn cybersecurity from a business cost to a business enabler

15.10 - 15.30

► Upping the cybersecurity benchmark. How good is good enough?

Suresh Nair, Chief Information Security Officer, MENAT, GE 

  • The various challenges of large multi-national corporations vs. SMEs
  • Managing third party security. Is the security of your third parties as important as the security of your organisation itself? How do you audit and benchmark the security of your third parties?
  • “Minimum baselines and standards” of cybersecurity. How do you decide what is the bare minimum for your business?
  • Cyber-risk management. What are the metrics? How do you model and analyse it?

15.30 - 15.50

► Cyber: the senior management perspective

Balaji Nagabhushan, Group Chief Administrative Officer, Tristar Transport

  • What do your senior management and stakeholders want to know about the cybersecurity of your organisation?
  • How does cybersecurity fit alongside other functions such as risk, legal and CSR?
  • Risk management perspective. How has cybersecurity become a wider part of overall operational risk? Is cyber-risk unique? And should it be measured and valued in the same way as other forms of operational risk?
  • Communicating with stakeholders. What do they need to know and how does cybersecurity now arguably affect the market share price and commercial value of an organisation?

15.50 - 16.10

Networking and refreshments

16.10 - 16.30

► Journey from the “dark side”: one business leader’s journey from vendor to end-user

Neil Haskins, Head of Security & Technology Operations, Careem

  • Double perspectives on navigating the solutions provider landscape and truths about cybersecurity budget and procurement
  • The journey from the dark side, the transition to the good side. What both sides know – and need to share – about cyber resilience
  • Case study from Careem: what went wrong. And what we did to put it right…
     
16.30 - 16.50

► Executive panel discussion

The new inconvenient truths on AI, machine learning and its impact on business 

  • Adam Lalani, Group Head of IT, Tristar Transport
  • Ebrahim AL-Alkeem, Head of Information Security, ENEC
  • Brian Byagaba, Senior Manager Information Security, Commercial Bank International
  • Bharat Gautam, Head of Information Security, DAMAC Properties

16.50 - 17.10

► Making Big data big business. How information security and data governance can work to your commercial advantage 

Mike Pitman, CISO, Dunnhumby

  • Information security as a commercial competitive advantage 
  • How your data governance can win or lose you clients 
  • The CISO as business enabler: working with commercial functions
  • ISO 27001 certification: Does this give your clients confidence or a false sense of security?

17.10 - 17.10

Conference close 

Education seminars


Anomali - Threat Actor - A Love Story?


Andrew De Lange, Solutions Consultant, Anomali

Do we romanticise cyber threat actors? When a cyber incident strikes, we may love the idea that it is some APT (insert number here) or Fancy/Angry (insert animal here) or some other famous threat actor, perhaps with nation-state abilities. But we may also hate the idea that it might be: these are the most dangerous adversaries. In reality our enemies aren’t even on our radar, because we turn a blind eye to the smaller signals our controls catch for us. But sometimes these are small pieces of a bigger puzzle we need to understand. What you will learn in this seminar:

  • Leveraging critical thinking and finding trends in the noise.
  • Actor profiling
  • The importance of remaining unbiased in your research.
  • Collaboration to find the common enemy

Kaspersky Lab - The Ceaseless Evolution of Consumer Transformation


Tim Ayling, Kaspersky Fraud Prevention Lead, Kaspersky Lab

In this presentation, hear about the recent history and the future of technology and consumer patterns and drivers. This session explores the continued proliferation of social media, IoT, cryptocurrency & artificial intelligence and the implications of this technology. The huge rise in cybercrime and fraud highlights the challenges businesses face across all industries.

This session takes a look at what those challenges are, how we can react to them and what we can do better. It covers:

  • Changes in our digital lives and how this drives the consumer;
  • The value of data in today's world and the implications of this;
  • The current state of e-fraud

OneTrust - A Privacy Playbook for "Reasonable and Appropriate" Security Measures and Safeguards


Ian Evans, Managing Director, EMEA, OneTrust

With a new era of privacy regulations upon us, requirements for implementing "reasonable and appropriate" security measures and safeguards are becoming more common than ever.  While privacy and security professionals often view security from different perspectives and may have competing priorities, there are a number of ways in which these differences can be used to the advantage of both teams. In this session, we'll share a playbook on how to build a harmonized and risk-based security framework that addresses a variety of divisions within an organization, as well as how security and privacy teams can work together to become more effective.

  • Understand the requirements and importance of implementing "reasonable and appropriate" security measures and safeguards for privacy professionals
  • Outline several areas of common ground that should help every organization align their security and privacy operations
  • Take away a playbook for building a harmonized and risk-based security framework

OneTrust - Risky Business: A Privacy & Security Team’s Guide to Risk Scoring


Ian Evans, Managing Director, EMEA, OneTrust

Risk scoring across vendor management, breach notifications, DPIAs and other activities is imperative for compliance with many global privacy laws and security frameworks. Organizations routinely tailor their data protection and security activities based on the results of detailed risk assessments, but this leads to a myriad of questions. How do you calculate risk? What constitutes low, medium or high risk? How do you define risk criteria? What’s the difference between inherent, current and residual risk? In this session, we’ll detail the importance of conducting risk assessments under global privacy laws like the GDPR and security frameworks such as ISO 27001, provide scenario-based approaches to risk assessment and give examples of how to tailor your approaches based on risk level.

  • Understand various approaches to conducting risk assessments
  • Learn how to define risk criteria and how to calculate risk level
  • Learn how to tailor your privacy and security programs using a risk-based approach

SABSA - Using SABSA techniques to develop a Cyber Security Strategy


Michael Hirschfeld, Cyber Security Adviser, SABSA

The SABSA architectural methodology has a number of tools, techniques and frameworks that can help IT Security professionals understand the challenges they face, and present and discuss them with their executives and stakeholders, when building and progressing a Cyber Security Program.

Fundamentally, a strategy is a document that sets out how you plan to achieve a series of long-term objectives.

Within Cyber Security our objectives must be closely aligned with those of the ICT group and, just as importantly, with those of the business as a whole.

If our Cyber Security Strategy isn’t helping the Business or ICT meet their objectives, then we will struggle to articulate our relevance and we will find it difficult to get budget. On the other hand, when our strategy clearly aligns and strengthens the business we are viewed more as a partner.

This presentation will cover a few of the basics of SABSA, provide you with a framework for a Cyber Security Strategy and then demonstrate how understanding and applying some key techniques from the SABSA tool kit can assist you in developing and presenting a coherent and aligned Cyber Security Strategy that the business will understand.

What attendees will learn:

  • The basics of SABSA;
  • How to structure a Cyber Security Strategy;
  • Key inputs into the Cyber Security Strategy; and
  • Key techniques for developing a Cyber Security Strategy

Synack - Offensive Security Testing with a Hacker mindset


Ron Peeters, Managing Director EMEA, Synack

CISOs are experiencing exponential growth in cyberattacks, and those attacks are increasingly sophisticated with greater break-in success. Traditional vulnerability scanning and compliance-based penetration testing have proven insufficient to reduce vulnerability against such malicious hackers and Nation State attacks. 

During this session, attendees will learn: 

  • Why traditional solutions such as Vulnerability Scanners and Pen Testing are no longer sufficient to protect against cyberattacks.
  • About a revolutionary security testing approach that deploys large teams of international, top-class security researchers.
  • How a controlled crowdsourced deployment platform can find serious vulnerabilities in any live system within a matter of hours. 
  • And you'll hear about several case studies, including one on the Pentagon where Synack was able to break in within just four hours. 

Thales - Re-evaluating data security in modern, multi-faceted environments


Slam Laqtib, Sr. Product Manager, Thales

Businesses, institutions and government agencies continue to be breached.  Hackers have proven that traditional technologies and conventional approaches are not enough to prevent this epidemic. This is true even for the most sophisticated organizations with world-class security specialists and scientists.  And now the challenge has become more complex, with deployments involving the rise of multi-faceted environments, including on-premises, public cloud and hybrid cloud implementations.  Because breaches are inevitable, rendering data useless to hackers by applying data security best practices is critical: using key management and encryption to attach security to the data itself is the only way out.

In this talk, we will do a deep dive into:

  • Securing data and rendering it useless in multi-cloud and hybrid environments
  • Best practice key management, encryption, tokenization and de-identification techniques
  • Cloud management as a service with true multi-cloud support

TNCT - Let’s Demystify Cloud Security!


Ilmaz (Kory) Kashkooli, Managing Director, TNCT

  • How much of “cloud” do we really use on a day-to-day basis?
    • Chances are we think we do not use any form of cloud-based services. In fact it is otherwise, and we will be reviewing some examples from our daily lives which are clear indications of how extensively we actually utilize cloud-based services.
    • The reality of “shadow-IT” as an inevitable result of using cloud-based services!
  • A quick introduction of cloud-based services (Something-as-a-Service)!
    • Nowadays we come across a long list of “something-as-a-service”! Let’s take a look at some of these terms and demystify them a bit.
  • A closer look at SaaS and IaaS as well as their use cases and some of the security concerns.
    • Why, where and when do we seem to use SaaS or IaaS based cloud-based services?
    • Before starting to use SaaS and IaaS we must really be aware of the fundamental security concerns around them in a corporate context.
    • How can we address the listed security concerns as of today using the available technologies?
    • Let’s explore some of the challenges that are still not addressed today.
  • Final Take Away - Visibility!
    • Cloud is Complex! Security is Complex! And Securing our Cloud usage can be quite Complex! A bird’s-eye-view and holistic visibility is KEY to effectively and pro-actively securing our cloud usage.