08.00 - 08.50

Registration and breakfast networking 

08.50 - 09.00

Chairman's Welcome 

09.00 - 09.20

► Protecting data and achieving privacy: Lessons from Royal Mail’s GDPR journey

Nicola Lishak, Head of Information Assurance, Royal Mail Group

  • Data Protection Regulation: see it coming and why preparation is vital
  • Engaging your stakeholders: whether the Board, the Business, or the Regulator, collaboration is key to achieving success
  • Having a vision and mapping your journey: implementing the systems and controls to enable you to answer the big questions and demonstrate your path to compliance to your customers, shareholders and Regulator(s)
  • Achieving privacy in an online world: future-proof your privacy program
  • Practical takeaways from Royal Mail’s GDPR journey: how regulation can help you to realise business benefits and achieve the buy-in you need
09.20 - 09.40

► Securing Mobile Workplaces

Mohamad Mahjoub, CISO, Veolia Middle East

  • Deploying secure yet easy to use collaborative tools
  • Bringing agility to operations
  • Redesigning the way of working
  • Being cost effective, environmentally friendly, and secure
09.40 - 10.00

► How to Succeed at Threat Hunting & IR: Think Differently about Data

Owen Cole, VP Emerging Territories, EMEA, Extrahop

  • How a data-first approach to security architectures can illuminate natural consolidation points
  • How collaboration with other parts of the IT organization can improve security posture and reduce tool sprawl.
  • How this collaborative approach also creates opportunity to improve security posture through smarter processes and practices.
10.00 - 10.20

► APIs – The Next Frontier in Cybercrime 

Ameya Talwalkar, Chief Product Officer, Cequence Security

  • Explosive growth in API usage exposes organization to significant cyber security risks
  • Visibility – the first step in understanding and cataloguing the API security risk
  • Exposure – what types of attacks are each of the APIs susceptible to
  • Protection – which of the many API security products is best suited for your needs
10.20 - 11.00

► Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Defending your organisation and your customers against JavaScript injection attacks, Fabian Libeau, VP EMEA, RiskIQ
  • Risk-based approach to Security Operations, Faiz Shuja, CEO & Co-Founder SIRP
  • Next Generation: Offensive Security Testing, Ron Peeters, Managing Director EMEA, Synack
  • Mobile Devices are the 'New Endpoint’ today, Rohit Sinha, Cyber Security Specialist, Zimperium
11.00 - 11.30

Networking and refreshments

11.30 - 11.50

► ‘Will’ vs. ‘Skill’: are we using the wrong tactics to recruit for our Information Security team?

Goher Mohammad, Head of Information Security, L&Q Group

  • There is a cybersecurity skills shortage which is still not shrinking, as hiring managers and leaders we need to tackle the gap between demand and supply of cybersecurity professionals.
  • Traditional methods of hiring need challenging, how to adopt an agile and flexible approach. 
  • Get yourself noticed! What are cybersecurity hiring managers looking for in a new recruit?
  • Positive results: lessons learnt from L&Q Group on building and retaining talent within your security team
11.50 - 12.10

► Hacked! Security Beyond the Hype

Rajiv Raghunarayan, Senior Vice President of Products and Marketing, Cyberinc 

  • The worldwide spending on information security products and services exceeds more than $100B annually, growing at ~10%. Complexity is growing even faster. And breaches feel like a daily affair.
  • As we continue our digitalization journey and as more “things” start getting connected, securing businesses and individuals becomes increasingly paramount.
  • Drawing insights from past breaches, we will explore key learnings and our path forward in getting ahead of the attackers and the attacks
  • This presentation will identify solutions that can transform security defences, making it nimbler and simpler.
12.10 - 12.30

► The Shifting Front Line of Fraud

Dan Woods, VP Shape Intelligence Center, Shape Security

  • Attack Evolution - navigate the attack-roadmap as it has progressed from the commodification of credential stuffing and ATO schemes to some of the most complex and cutting-edge examples of manual fraud and dark web marketplaces. 
  • Countermeasure Efficacy - discover how cybercriminals retool to easily circumvent traditional countermeasures such as WAFs and other trusted fraud tools CAPTCHA, and even fraud tools -  and what can be done to stop them. 
  • Inverting Friction - understand how organisations can protect their customers and brand without compromising user experience or collecting PII.
12.30 - 12.50

► AI in Security Operations: What we have learnt so far…

Ammar Enaya, Regional Manager Middle East/Turkey, Vectra AI

Time and talent are key factors in preventing a data breach. Learn from peers how AI enabled them to:

  • Detect hidden threats in cloud and enterprise networks
  • Perform conclusive incident investigations
  • Respond at previously unattainable speed and efficacy
12.50 - 13.30

► Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Risk Based Authentication: how to minimise user friction, Matthew Platten, TFP Presales Manager EMEA, Appgate
  • Secrets of illicit forums: actionable insights from cybercrime communities, David Anumudu, Solutions Architect, Flashpoint
  • Framework for Automated Phishing Defense & Orchestrated Response, Syed Abid Ali, Co-Founder & CCO, PhishRod
  • Building an Effective Operating Centre SOC – The Central Nervous System of your Security, Chris Cheyne, CTO, Si Consult
13.30 - 14.30

Lunch and networking 

14.30 - 14.50

► Executive panel discussion

Digital Transformation: Delivering the best, securely

  • Sumit Puri, Chief Technology Officer, Evercare Group
  • Bilal Ahmad, Head - Information Security, Union Coop
  • Ismail Jani, Information Security and Compliance Manager, Engineering Office
  • Aizaz Zaidi, Head of Transformation and Operational Risk, Al Masraf Bank
14.50 - 15.10

► Attacks are moving at computer-speed – how will your teams respond fast enough?

James Connolly, Expert in application of AI, Darktrace 

  • The rise of machine-speed and worm-able attacks 
  • Autonomous Response: how cyber AI responds surgically to fast attacks across the entire digital infrastructure 
  • Using AI to ensure your network security works in tandem with your email security
  • Real-world case studies where zero-days and insider threats were interrupted within seconds
  • How to prepare for offensive AI attacks 
15.10 - 15.30

 How do I implement a ‘Zero Trust’ security policy throughout your organization?

Islam Soliman, Presales Manager Middle East, Pulse Secure 

  • How can you improve managing and governing user access?
  • How to implement a single access policy to your data, regardless of where it is located, from wherever the person is accessing it from on whatever device.
  • How to achieve total user and endpoint visibility, and up-scaling device security
  • How you can enable IoT identification in a secure way and set relevant profiles


15.30 - 15.50

► Cyber security – regulation, resiliency, risk

Martin Leo, Head of Technology Business Controls, State Street Bank 

  • Regulatory landscape and change in the years
  • How resiliency is becoming the dominant theme with regulator
  • What role does risk (management) play in the midst of regulation and compliance
15.50 - 16.10

► Transforming Cybersecurity Risk Management, Monitoring & Reporting

Marco Pereira, Head of Commercial Sales EMEA, BitSight

It is now much easier to determine what’s important, dangerous and a real risk to your cybersecurity posture. Using a common framework leads to more effective conversations on risk with your security teams, board members, business partners, insurers and regulators. 

Join the BitSight session to explore:

  • Prioritization, justification and validation of IT security investments to underpin business digital transformation 
  • Managing your security performance, and that of your subsidiaries, and third and fourth party suppliers in today’s hyper-connected environment 
  • Monitoring and Reporting on cyber risk to non IT stakeholders
16.10 - 16.30

Networking and refreshments 

16.30 - 16.50

► Executive panel discussion

Compliance and risk mitigation in the changing regulatory landscape: Financial Services Perspective

  • Aizaz Zaidi, Head of Operational Risk and Transformation, Al Masraf Bank
  • Christos Christou, Chief Compliance Officer, Lulu Exchange
  • Gita Butzlaff, Head of Compliance & MLRO, Beehive P2P
  • Muhammad Rizwan Khan, Head of Compliance, Al Dahab Exchange
16.50 - 17.10

► How to get the most out of your security investment

Dr. Erdal Ozkaya, Head of Information Security, Standard Chartered Bank

  • Ensuring your organisation’s sensitive data remains secure within company walls goes far beyond simply buying and implementing a security solution.
  • Build a long-term plan for your security investment. The IT department should be aware of its role in the organisation and its importance for business continuity.
  • Threats come from every connected channel – do your tools cover all vulnerabilities?
  • Responding to a security breach: Plan, do, check, act.
17.10 - 17.30

► The new wave of AI/ML cyber-attacks

Ashraf Aboukass, Global Head of Information Security Architecture, Schroders

  • What can emerging technologies such as artificial intelligence do to help security initiatives – and what new challenges do they introduce?
  • Developing strategy and oversight of hyperconnectivity
  • How are the cybercriminals using ML and AI techniques. What do information security leaders need to know to stay ahead of the game?

Conference close 

Education seminars

Defending your organisation and your customers against JavaScript injection attacks.

Fabian Libeau, VP EMEA, RiskIQ

Browser-based attacks—Web skimming, Cryptocurrency Miners, Fingerprinters, and Waterholing encounters—are responsible for some of the most high-profile breaches in recent history, such as the hacks of British Airways and Ticketmaster. Given the frequency by which RiskIQ researchers now encounter these attacks, we believe that they should be taken as seriously as threat mainstays such as phishing and ransomware.

Browser-based attacks have one thing in common: malicious injects. These can be notoriously difficult to detect as their actions take place in the user's browser. The result is weeks or months of compromise on average. 

 In this session we’ll break down the most common and interesting injection techniques RiskIQ researchers have observed in our telemetry. We’ll also look at ways organisations can defend themselves against this growing class of attack. 

  • JavaScript injection attacks - what are they?
  • A brief history
  • The current landscape - attackers acting with impunity
  • Steps to defend against JavaScript injection attacks
  • How RiskIQ can help 

Next Generation: Offensive Security Testing

Ron Peeters, Managing Director EMEA, Synack

Malicious hackers and state-sponsored cyberattacks CAN easily breach any of your mission critical web and mobile applications and networks. Vulnerability scanners and traditional pen testing are not good enough to find many of these exploitable vulnerabilities in your live systems. In this session you’ll learn:

  • About a next generation security testing platform incorporating advanced, offensive and adversarial security testing with artificial Intelligence.
  • How one of the world’s most elite hacking teams with 1200+ international top-class security researchers can be virtually deployed with short notice.
  • Of a number of use cases and POCs performed at customers in the UAE and Saudi Arabia.


Mobile Devices are the 'New Endpoint’ today

Rohit Sinha, Cyber Security Specialist, Zimperium

Traditionally, endpoints (laptops, desktops) have always been the weakest link and an easy target for attackers. Ensuring that these endpoints in their organization are secure has been the most dispersed and difficult security challenge for CISOs and their security teams. And just as security professionals solved that problem, a 'New Endpoint' arrived vulnerable to some threats that were similar, but others that were entirely new, different and which exponentially increased organizational risk. Today, mobile devices are used for all your corporate needs: financial and digital commerce, social engineering, information and entertainment. There is very little one can think of that smartphones cannot now do.  

In addition, with the advent of mobile devices, the way we accessed applications also changed completely. Applications, which earlier were web-based and accessible over a browser, are all now available as Apps - always and anywhere available on your smartphone.

Even through mobile devices and Apps have become such an integral part of our professional and personal life, there is little in the way of in-built security to eliminate their vulnerability to advanced cyber attacks.

In this session-

You will learn: About the various attack vectors applicable for mobile devices and how vulnerable our smartphones are

You will see: A live demonstration of a targeted attack compromising the entire device and the Apps on it

You will experience: The impact of this compromise on your corporate data, personal data and your Corporate/Consumer Business Apps

Building an Effective Operating Centre SOC – The Central Nervous System of your Security

Chris Cheyne, CTO, Si Consult

Parallels between cybersecurity and the human body are nothing new. In fact, cybersecurity has often been referred to as the immune system, or skin, of an organisation. When you think that our skin is the initial layer that blocks harmful bacteria/pathogens from entering and attacking our delicate and important internal organs, you can draw similarities between the harmful bacteria and cyber criminals/bad actors trying to gain access to the precious organs, these being a parties inner systems, technology and people. 

But if we take this analogy further, you will observe key resemblances between how our human senses, namely how sight, hearing, touch and smell, mirror key components of a well-run SOC.

  1. Learn how EDR tooling is the eyes of your operation centre; how event logs are your ears; how behaviour analytics guide your sense of smell. And how context acts as the touch that guides and propels your organisation forward.
  2. In any living organism, the right balance of chemicals/water/light/food is crucial. Equally, within a well-run SOC the right balance of people, skills, technology and processes are fundamental. Find out how to get that balance right.
  3. Most do not consider how reflex and automation effect cybersecurity. Learn how to successfully receive and react to data in rapid time, just as the human body reacts to and reflects oncoming threats.
  4. We aren’t all made of money. Obtain tips and tricks on how to get the best from you Security Operation Centre on a budget.

Framework for Automated Phishing Defense & Orchestrated Response

Syed Abid Ali, Co-Founder & CCO, PhishRod

Traditional Security controls such as IPS & Email Gateways are only effective to a certain level that is why phishing remains the most potent threat vector to date.  Once a phishing email lands into the mailbox, it only takes a click to trigger a cyber attack. The longer the phishing email resides in the mailbox, the higher is the probability of the threat propagation.

The IT Security teams receive too many incidents with as little time to respond. Even after identification of phishing emails, the deletion from all end-user mailboxes remains a challenge largely due involvement of different stakeholders.

In this session you will learn

  • How phishing attacks bypass the traditional email security layer.
  • Need for an orchestrated response that involve people, process and technology
  • Framework for Automated Phishing Defense & Orchestrated Response
  • Using internal & external threat intelligence for phishing defense.
  • Defending against phishing threats through Orchestrated response from reporting, investigation, quarantine to deletion
  • Correlating Phishing Readiness, Security Awareness, Policy Compliance & Actionable Threat Intelligence.

Secrets of illicit forums: actionable insights from cybercrime communities

David Anumudu, Solutions Architect, Flashpoint

  • Understanding of, and procedures that can be gleaned from online illicit communities
  • What does risk intelligence actually mean?
  • How do illicit communities operate?
  • What can I learn from these about threat actor motivations, tactics and techniques?
  • Is my organisation mature enough to gain value from intelligence products?

Risk Based Authentication: how to minimise user friction

Matthew Platten, TFP Presales Manager EMEA, Appgate

Too much security Kills Security We are all familiar with this concept, yet in today’s escalating banking fraud environment, how can one master the challenge of customer retention  along with the need for strong user authentication and stringent security procedures?

In this presentation we will see how Risk Based Authentication provides necessary user authentication while lowering friction, by basing authentication requests on context, not a systematic approach. This can be determined by profiles factors such as origin, destination, time of day, velocity, IP, user platform and location, allowing expert systems to determine if Risk Based Authentication is needed.

This presentation will cover:

  • RBA context
  • User Authentication acceptance
  • Technology participating in RBA
  • RBA Chain of event
  • Necessary steps for implementation

Risk-based approach to Security Operations

Faiz Shuja, CEO & Co-Founder, SIRP

On average, every organisation has 25+ security controls generating a ton of alerts and vulnerabilities. On top of that, if the organisation is diligent enough, they'll be getting threat advisories from different external sources as well. Since it is not humanly possible to investigate and take action upon so much data coming in so fast, how can you prioritise your response?

Presentation will cover:

  • Drawbacks and limitations of focussing on traditional bucket based (High, Medium, Low) severity approach
  • The fundamental gap between what technical guys are doing and what senior management understands
  • The requirements for effective risk-based security operations
  • How to use the Security Score to maximise efficiency and focus your limited resources on the threats that matter the most