|08.00 - 08.50||
Registration and breakfast networking
|08.50 - 09.00||
|09.00 - 09.20||
► Protecting data and achieving privacy: Lessons from Royal Mail’s GDPR journey
Nicola Lishak, Head of Information Assurance, Royal Mail Group
|09.20 - 09.40||
► Securing Mobile Workplaces
Mohamad Mahjoub, CISO, Veolia Middle East
|09.40 - 10.00||
► How to Succeed at Threat Hunting & IR: Think Differently about Data
Owen Cole, VP Emerging Territories, EMEA, Extrahop
|10.00 - 10.20||
► APIs – The Next Frontier in Cybercrime
Ameya Talwalkar, Chief Product Officer, Cequence Security
|10.20 - 11.00||
► Education Seminar 1
Delegates will be able to choose from a range of topics:
|11.00 - 11.30||
Networking and refreshments
|11.30 - 11.50||
► ‘Will’ vs. ‘Skill’: are we using the wrong tactics to recruit for our Information Security team?
Goher Mohammad, Head of Information Security, L&Q Group
|11.50 - 12.10||
► Hacked! Security Beyond the Hype
Rajiv Raghunarayan, Senior Vice President of Products and Marketing, Cyberinc
|12.10 - 12.30||
► The Shifting Front Line of Fraud
Dan Woods, VP Shape Intelligence Center, Shape Security
|12.30 - 12.50||
► AI in Security Operations: What we have learnt so far…
Ammar Enaya, Regional Manager Middle East/Turkey, Vectra AI
Time and talent are key factors in preventing a data breach. Learn from peers how AI enabled them to:
|12.50 - 13.30||
► Education Seminar 2
Delegates will be able to choose from a range of topics:
|13.30 - 14.30||
Lunch and networking
|14.30 - 14.50||
► Executive panel discussion
Digital Transformation: Delivering the best, securely
|14.50 - 15.10||
► Attacks are moving at computer-speed – how will your teams respond fast enough?
James Connolly, Expert in application of AI, Darktrace
|15.10 - 15.30||
► How do I implement a ‘Zero Trust’ security policy throughout your organization?
Islam Soliman, Presales Manager Middle East, Pulse Secure
|15.30 - 15.50||
► Cyber security – regulation, resiliency, risk
Martin Leo, Head of Technology Business Controls, State Street Bank
|15.50 - 16.10||
► Transforming Cybersecurity Risk Management, Monitoring & Reporting
Marco Pereira, Head of Commercial Sales EMEA, BitSight
It is now much easier to determine what’s important, dangerous and a real risk to your cybersecurity posture. Using a common framework leads to more effective conversations on risk with your security teams, board members, business partners, insurers and regulators.
Join the BitSight session to explore:
|16.10 - 16.30||
Networking and refreshments
|16.30 - 16.50||
► Executive panel discussion
Compliance and risk mitigation in the changing regulatory landscape: Financial Services Perspective
|16.50 - 17.10||
► How to get the most out of your security investment
Dr. Erdal Ozkaya, Head of Information Security, Standard Chartered Bank
|17.10 - 17.30||
► The new wave of AI/ML cyber-attacks
Ashraf Aboukass, Global Head of Information Security Architecture, Schroders
Fabian Libeau, VP EMEA, RiskIQ
Browser-based attacks—Web skimming, Cryptocurrency Miners, Fingerprinters, and Waterholing encounters—are responsible for some of the most high-profile breaches in recent history, such as the hacks of British Airways and Ticketmaster. Given the frequency by which RiskIQ researchers now encounter these attacks, we believe that they should be taken as seriously as threat mainstays such as phishing and ransomware.
Browser-based attacks have one thing in common: malicious injects. These can be notoriously difficult to detect as their actions take place in the user's browser. The result is weeks or months of compromise on average.
In this session we’ll break down the most common and interesting injection techniques RiskIQ researchers have observed in our telemetry. We’ll also look at ways organisations can defend themselves against this growing class of attack.
- A brief history
- The current landscape - attackers acting with impunity
- How RiskIQ can help
Next Generation: Offensive Security Testing
Ron Peeters, Managing Director EMEA, Synack
Malicious hackers and state-sponsored cyberattacks CAN easily breach any of your mission critical web and mobile applications and networks. Vulnerability scanners and traditional pen testing are not good enough to find many of these exploitable vulnerabilities in your live systems. In this session you’ll learn:
- About a next generation security testing platform incorporating advanced, offensive and adversarial security testing with artificial intelligence.
- How one of the world’s most elite hacking teams with 1200+ international top-class security researchers can be virtually deployed with short notice.
- Of a number of use cases and POCs performed at customers in the UAE and Saudi Arabia.
Mobile Devices are the 'New Endpoint' today
Rohit Sinha, Cyber Security Specialist, Zimperium
Traditionally, endpoints (laptops, desktops) have always been the weakest link and an easy target for attackers. Ensuring that these endpoints in their organization are secure has been the most dispersed and difficult security challenge for CISOs and their security teams. And just as security professionals solved that problem, a 'New Endpoint' arrived vulnerable to some threats that were similar, but others that were entirely new, different and which exponentially increased organizational risk. Today, mobile devices are used for all your corporate needs: financial and digital commerce, social engineering, information and entertainment. There is very little one can think of that smartphones cannot now do.
In addition, with the advent of mobile devices, the way we accessed applications also changed completely. Applications, which earlier were web-based and accessible over a browser, are all now available as Apps - always and anywhere available on your smartphone.
Even though mobile devices and Apps have become such an integral part of our professional and personal life, there is little in the way of in-built security to eliminate their vulnerability to advanced cyber attacks.
In this session:
You will learn: About the various attack vectors applicable for mobile devices and how vulnerable our smartphones are
You will see: A live demonstration of a targeted attack compromising the entire device and the Apps on it
You will experience: The impact of this compromise on your corporate data, personal data and your Corporate/Consumer Business Apps
Building an Effective Operating Centre SOC – The Central Nervous System of your Security
Chris Cheyne, CTO, Si Consult
Parallels between cybersecurity and the human body are nothing new. In fact, cybersecurity has often been referred to as the immune system, or skin, of an organisation. When you think that our skin is the initial layer that blocks harmful bacteria/pathogens from entering and attacking our delicate and important internal organs, you can draw similarities between the harmful bacteria and cyber criminals/bad actors trying to gain access to the precious organs, these being a party's inner systems, technology and people.
But if we take this analogy further, you will observe key resemblances between how our human senses, namely sight, hearing, touch and smell, mirror key components of a well-run SOC.
- Learn how EDR tooling is the eyes of your operation centre; how event logs are your ears; how behaviour analytics guide your sense of smell. And how context acts as the touch that guides and propels your organisation forward.
- In any living organism, the right balance of chemicals/water/light/food is crucial. Equally, within a well-run SOC the right balance of people, skills, technology and processes is fundamental. Find out how to get that balance right.
- Most do not consider how reflex and automation affect cybersecurity. Learn how to successfully receive and react to data in rapid time, just as the human body reacts to and reflects oncoming threats.
- We aren’t all made of money. Obtain tips and tricks on how to get the best from your Security Operation Centre on a budget.
Framework for Automated Phishing Defense & Orchestrated Response
Syed Abid Ali, Co-Founder & CCO, PhishRod
Traditional security controls such as IPS & Email Gateways are only effective to a certain level, which is why phishing remains the most potent threat vector to date. Once a phishing email lands in the mailbox, it only takes a click to trigger a cyber attack. The longer the phishing email resides in the mailbox, the higher the probability of threat propagation.
IT Security teams receive too many incidents with little time to respond. Even after identification of phishing emails, the deletion from all end-user mailboxes remains a challenge, largely due to the involvement of different stakeholders.
In this session you will learn:
- How phishing attacks bypass the traditional email security layer.
- The need for an orchestrated response that involves people, process and technology
- Framework for Automated Phishing Defense & Orchestrated Response
- Using internal & external threat intelligence for phishing defense.
- Defending against phishing threats through Orchestrated response from reporting, investigation, quarantine to deletion
- Correlating Phishing Readiness, Security Awareness, Policy Compliance & Actionable Threat Intelligence.
Secrets of illicit forums: actionable insights from cybercrime communities
David Anumudu, Solutions Architect, Flashpoint
- Understanding of, and procedures that can be gleaned from online illicit communities
- What does risk intelligence actually mean?
- How do illicit communities operate?
- What can I learn from these about threat actor motivations, tactics and techniques?
- Is my organisation mature enough to gain value from intelligence products?
Risk Based Authentication: how to minimise user friction
Matthew Platten, TFP Presales Manager EMEA, Appgate
Too much security kills security. We are all familiar with this concept, yet in today’s escalating banking fraud environment, how can one master the challenge of customer retention along with the need for strong user authentication and stringent security procedures?
In this presentation we will see how Risk Based Authentication provides necessary user authentication while lowering friction, by basing authentication requests on context, not a systematic approach. This can be determined by profile factors such as origin, destination, time of day, velocity, IP, user platform and location, allowing expert systems to determine if Risk Based Authentication is needed.
This presentation will cover:
- RBA context
- User Authentication acceptance
- Technology participating in RBA
- RBA chain of events
- Necessary steps for implementation
Risk-based approach to Security Operations
Faiz Shuja, CEO & Co-Founder, SIRP
On average, every organisation has 25+ security controls generating a ton of alerts and vulnerabilities. On top of that, if the organisation is diligent enough, they'll be getting threat advisories from different external sources as well. Since it is not humanly possible to investigate and take action upon so much data coming in so fast, how can you prioritise your response?
Presentation will cover:
- Drawbacks and limitations of focussing on the traditional bucket-based (High, Medium, Low) severity approach
- The fundamental gap between what technical guys are doing and what senior management understands
- The requirements for effective risk-based security operations
- How to use the Security Score to maximise efficiency and focus your limited resources on the threats that matter the most