Agenda

Presentations already confirmed include:


►Implementing security controls at scale in Google Cloud 

Alistair Wardell, Director, Cloud Security, Deutsche Bank

  • How we built up our cloud security controls, layer by layer
  • What we learned on the way
  • What we will work on next

►Harnessing Policy as Code for Embedding Security Controls in CI/CD Pipelines

Mehran Koushkebaghi, Head of Product Security, Nationwide Building Society

  • What is Policy-as-Code, and what are its benefits in the context of security policies?
  • Leveraging Policy-as- Code for automating policy evaluation & enforcement in SDL
  • Components of a Policy Enforcement System
  • Integrating the Policy Enforcement System into the CI Pipeline
  • How does it work in practice? A sample implementation
     

►Prioritising Cybersecurity as a Strategic Component of Resilience

Praveen Singh, Head of IT Risk and Cybersecurity, ICBC Standard Bank

  • Understanding the Critical Role of Cybersecurity in operational resilience.
  • Strategic Integration of Cybersecurity into overall risk management and operational strategies.
  • Understanding the investment priorities to enhance cybersecurity.
  • Practical insights along with actionable steps for implementation

►Leveraging DORA TLPT (Threat-Led Penetration Testing) to enhance Cyber Resilience

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • How DORA TLPT aligns seamlessly with TIBER-EU, CBEST & DORA to enhance cyber risk management.
  • Discover the benefits of an EU-standard approach to threat-led testing.
  • See how DORA TLPT boosts readiness for live system testing.
  • Learn how to start using DORA TLPT for ongoing cyber resilience and regulatory compliance
     

►Mind the Gap: Uncovering Decision Bias in Cybersecurity

Bec McKeown, CPsychol, Mind Science

  • Understanding the Role of Cognitive Biases in Security Decisions
  • Identifying Key Biases Impacting Security Outcomes
  • Mitigation Strategies for Reducing Bias in Security Practices

►Partnerships or Pitfalls? Mastering Third-Party Risk in Financial Services Security 

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Orlando Fernandez, Senior Technical Specialist at the Recovery, Resolution & Resilience team, Prudential Policy Directorate, Bank of England (BoE)
Peter Smith, Chief Information Security Officer, Allica Bank
Michael Jefferson, Head of Financial Services Public Policy UK, Middle East, Africa and Switzerland, Amazon Web Services (AWS)

  • Insights from the PRA, end-users, and suppliers on managing third-party risks
  • Navigating the evolving regulatory landscape and its influence on third-party partnerships
  • Strategies to identify and mitigate third-party risks
  • Transforming strong risk management practices into a competitive edge

►What does DORA mean for cyber security within financial services

Marcus Corry, Director, Tech&Ops, AFME (Moderator)
Gill Fenney, Head of IT Risk Governance, Bupa

  • The uplift to banks’ cyber controls
  • How cyber-attacks across the supply chain will in future be mitigated
  • Information sharing with authorities as part of a firm’s response to an incident

►Securing the future of financial services 

Siân John MBE, Chief Technology Officer, NCC Group 
Chris Greany, Director of Security, Pay UK 

  • We’re living through a digital revolution. Artificial intelligence, quantum computing, connected devices - these technologies promise immense potential, but introduce new risks.
  • Siân will explore the evolution of cyber security, resilience and governance over the last 25 years and how past learnings can help the UK’s financial services sector prepare for cyber risks (both known and new) in 2025 and beyond. 
  • Come away from the session knowing how to design and build a resilient digital future for your organisation. 

►How to Manage Your Risks and Protect Your Financial Data

Nick Palmer, Senior Solutions Engineer, Censys

  • Gain insights into the evolving risk landscape, including threats from compromised third-party providers, unpatched systems, outdated technology, and data breaches.
  • Learn strategies for effective threat response and compliance with DORA regulations using modern cybersecurity solutions.
  • Explore how to leverage the Censys Internet Map for proactive risk identification and mitigation.

►AWS Gone Wild: How Attackers Exploit Your Cloud and How to Outsmart Them

Yonatan Khen, Security Research Team Leader, Hunters

  • Uncover the anatomy of a real-world AWS attack, including credential exposure, lateral movement, privilege escalation, and persistence techniques.
  • Discover practical strategies for detecting threats, securing IAM policies, and monitoring API access patterns to mitigate risks.
  • Learn actionable lessons from an incident response case study to strengthen AWS defenses, tailored for cloud engineers, security analysts, and incident responders.

Education seminars


Defending Financial Services: Stopping Sophisticated Email Threats in Their Tracks


Steven Wills, Senior Engineer, Abnormal Security

The financial services industry is under constant attack from sophisticated email threats, from invoice fraud to executive impersonation and credential harvesting. Join Abnormal Security as we explore real-world examples of email attacks targeting financial services organisations and demonstrate how our advanced AI-powered solution proactively detects and stops these threats.

Attendees will learn: 

  • Understand the Threat Landscape: Insight into the most prevalent and damaging email attacks affecting financial services today.
  • Real-World Case Studies: Examples of successful and thwarted attacks to highlight vulnerabilities and risks.
  • Achieving Operational Efficiency: Save time for IT and security teams while improving overall email security posture.
     

Are You Truly Secure? Answer These Three Key Questions


Brett Ayres, VP of Product, Teneo

Financial institutions face relentless and sophisticated cyber threats, creating a need for a multi-layered defence essential to safeguarding critical systems and sensitive data. This presentation introduces our three-part strategy to identify, protect, and maintain security, offering actionable insights to stay ahead of evolving risks. 

Attendees will learn: 

  • The Three Key Areas to Evaluate:
  1. Identify: Who and what is on my network? Secure access for human and non-human identities.
  2. Protect: Who has access to what? Manage networks securely with Aruba EdgeConnect, incorporating end-to-end segmentation and separate overlays.
  3. Maintain: How do we stay secure? Ensure resilience through automated auditing, patch management, and validation.
     

Financial Services Cyber Success – 2025 and beyond


Ketan Pyne, Pre Sales team for UK&I, Thales Group 
Matthew Santos, Thales Group

  • Compliance is not just about avoiding penalties; it’s an opportunity to build trust with customers and stakeholders. Financial institutions can enhance customer confidence, improve operational efficiency, and attract investors by demonstrating a commitment to security.
  • The year 2025 marks a pivotal moment for the financial services industry. The enforcement of DORA and the new PCI DSS 4.0 requirements demand a proactive and comprehensive approach to compliance and security. By addressing these challenges head-on and adopting best practices, financial institutions can meet regulatory obligations and strengthen their resilience against an ever-evolving threat landscape. 
  • Traditional encryption used today would be vulnerable to attacks by powerful quantum computers in the near future.
  • By proactively transitioning to PQC algorithms now, we ensure our critical data and communication channels are secured well in advance of this potential threat.
  • The time to act is now!