Agenda

Presentations already confirmed include:


►Harnessing Policy as Code for Embedding Security Controls in CI/CD Pipelines

Mehran Koushkebaghi, Head of Product Security, Nationwide Building Society

  • What is Policy-as-Code, and what are its benefits in the context of security policies?
  • Leveraging Policy-as-Code for automating policy evaluation & enforcement in SDL
  • Components of a Policy Enforcement System
  • Integrating the Policy Enforcement System into the CI Pipeline
  • How does it work in practice? A sample implementation
     

►Prioritising Cybersecurity as a Strategic Component of Resilience

Praveen Singh, Head of IT Risk and Cybersecurity, ICBC Standard Bank

  • Understanding the Critical Role of Cybersecurity in operational resilience.
  • Strategic Integration of Cybersecurity into overall risk management and operational strategies.
  • Understanding the investment priorities to enhance cybersecurity.
  • Practical insights along with actionable steps for implementation

►Leveraging DORA TLPT (Threat-Led Penetration Testing) to enhance Cyber Resilience

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • How DORA TLPT aligns seamlessly with TIBER-EU, CBEST & DORA to enhance cyber risk management.
  • Discover the benefits of an EU-standard approach to threat-led testing.
  • See how DORA TLPT boosts readiness for live system testing.
  • Learn how to start using DORA TLPT for ongoing cyber resilience and regulatory compliance
     

►Mind the Gap: Uncovering Decision Bias in Cybersecurity

Bec McKeown, CPsychol, Mind Science

  • Understanding the Role of Cognitive Biases in Security Decisions
  • Identifying Key Biases Impacting Security Outcomes
  • Mitigation Strategies for Reducing Bias in Security Practices

►Partnerships or Pitfalls? Mastering Third-Party Risk in Financial Services Security 

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Orlando Fernandez, Senior Technical Specialist at the Recovery, Resolution & Resilience team, Prudential Policy Directorate, Bank of England (BoE)
Peter Smith, Chief Information Security Officer, Allica Bank

  • Insights from the PRA, end-users, and suppliers on managing third-party risks
  • Navigating the evolving regulatory landscape and its influence on third-party partnerships
  • Strategies to identify and mitigate third-party risks
  • Transforming strong risk management practices into a competitive edge

►What does DORA mean for cyber security within financial services

Marcus Corry, Director, Tech&Ops, AFME (Moderator)
Gill Fenney, Head of IT Risk Governance, Bupa

  • The uplift to banks’ cyber controls
  • How cyber-attacks across the supply chain will in future be mitigated
  • Information sharing with authorities as part of a firm’s response to an incident

Education seminars