Agenda

Presentations already confirmed include:


►Defining and Securing AI Responsibilities in Financial Service

Ioan Nascu, GenAI Security Assurance specialist, Citi 

  • Introducing a pragmatic framework that clarifies cybersecurity accountabilities between financial institutions and AI providers
  • Leveraging familiar IaaS, PaaS, and SaaS structures to map security responsibilities for AI systems
  • Applying the model to Foundation Models to support secure and responsible AI adoption
  • Enabling a flexible, high-level approach tailored to the financial sector’s evolving needs

►Keeping Security Teams Sharp in the Absence of Incidents

Steve Armstrong-Godwin, Lead of Security Incident Response and Threat Management, Danske Bank

  • Experience-led insights into keeping security teams sharp when incidents are rare but stakes remain high
  • Practical methods for building confidence and coordination through low-friction, high-impact exercises
  • Design principles for simulations and training that fit real-world constraints, not fantasy budgets
  • Tactics to avoid drift, burnout, and complacency—without waiting for a crisis to galvanise the team

►The Calming of the "Cs"

Gill Fenney, Head of IT Risk Governance, Bupa

  • Compliance - the ever increasing burden on Financial Services
  • Complexity - the nuances of various compliance commitments
  • Cost - the cost of attaining and maintaining compliance
  • Chaos - the risk of an unstructured approach

►What High-Performing Security Teams Have in Common

Ryan Virani, Director, Adeptis Group

  • Cross-sector hiring patterns: where strong security teams invest early, which roles they prioritise, and what they stop doing
  • What top teams look for in interviews: mindsets, behaviours, and commercial literacy linked to consistently high performance
  • Traits of leaders who excel: the backgrounds, operating styles, and environments that set successful security leaders apart
  • Org-wide pitfalls and future shifts: common hiring missteps plus how modern security org charts are likely to evolve in the next 3–5 years

►Getting Supply Chain Risk Management Right

Evie Wild, Information Security Officer, EMEA Region, LBBW Bank

  • How to build a culture that drives quality awareness and early risk detection
  • How to apply focused due diligence and tiering to target the highest-impact risks
  • How to empower SMEs and shift left to influence decisions before they solidify
  • How to control hidden risks by addressing shadow IT/procurement and gating spend before payment

►Securing the AI Revolution in Banking, Insurance and Asset Management

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Heena Patel, Business Resilience Analyst, Marex
Steph Phelps, Global Operational Resilience Specialist, RGA 
Claire Schrader, Senior Cyber Security Specialist, Lloyds Banking Group

For security leaders, the challenge is stark: how do you secure these systems, ensure compliance, and maintain resilience when the technology itself is evolving faster than the controls designed to protect it?

  • Future-Proofing Security: Designing adaptive governance and security frameworks that evolve alongside AI, rather than always playing catch-up
  • DORA and AI Compliance: How the Digital Operational Resilience Act reshapes resilience expectations in banking, insurance, and asset management, especially for fast-evolving AI systems
  • Securing the AI Supply Chain: Managing third-party and model risks, from external data providers to cloud-based AI platforms, in line with DORA’s ICT risk requirements
  • Balancing Innovation and Control: Embedding resilience testing and security guardrails without stifling AI-driven innovation

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Simon Brady, Event Chairman, AKJ Associates (moderator) 
Jonathan Freedman, Head of Technology & Security, Howard Kennedy 
Jonathan Turner, Head of Cyber Security, Farrer & Co 
Federico Iaschi, Information Security Director, Starling Bank

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • What cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?

Education seminars


Adopting AI Across the Workforce with Confidence


James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security

Organisations across industries are accelerating their use of AI to improve efficiency, remain competitive, and empower employees. Financial services firms, in particular, face mounting pressure to innovate while adhering to strict regulatory expectations and protecting highly sensitive data. As AI becomes woven into everyday workflows through sanctioned tools, embedded features, and a long tail of unsanctioned applications, leaders must determine how to safely enable broad adoption without introducing new operational, compliance, or security risks. 

This session examines the real patterns emerging inside enterprise environments as AI usage expands. Drawing on observed behavior across hundreds of companies, we will break down why legacy assumptions about control no longer hold true. Employees increasingly rely on personal accounts, free tier tools, and AI powered SaaS features, often without awareness of where their data is going or how it may be retained. These shifts create new exposure pathways, from inadvertent sharing of regulated information to interactions with models that train on user inputs. 

Building on these insights, the session offers a practical framework for safe, scalable AI enablement. Rather than relying on restrictive blocks that inadvertently drive shadow adoption, organisations are beginning to apply intelligent guardrails that monitor AI usage, detect sensitive data, and enforce policy in real time. This approach supports responsible experimentation while ensuring regulatory alignment and reducing the likelihood of costly data mishandling. Attendees will leave with actionable guidance for operationalising AI governance in complex, regulated environments and a clear understanding of how leading firms are balancing innovation with risk.

Attendees will learn:

  • The realities of enterprise AI adoption and why usage is now distributed and often unsanctioned
  • The most common exposure patterns and governance gaps emerging across financial services and other regulated industries
  • How to establish guardrails that detect sensitive data, understand user intent, and enforce policy without hindering productivity
  • A practical framework for enabling responsible AI use that supports innovation, oversight, and continuous monitoring

Shadow API: Find Them, Test Them, Fix What Matters


Mark Schembri, Field Software Engineering Manager, Invicti Security

Financial institutions are rapidly expanding their API ecosystems to power banking, payments, trading, and partner integrations. Yet many security teams still lack complete visibility into the APIs operating across their environment. Undiscovered or “shadow” APIs introduce hidden risk, creating pathways for data exposure, fraud, and non-compliance.

In this session, you will learn how you can apply Invicti’s multilayered approach to API discovery and schema reconstruction. Once discovered, you test these APIs with the industry's best API DAST, validating difficult-to-find vulnerabilities like BOLA and BFLA, business logic errors, and the presence of weak authentication with proof-based scanning to achieve AppSec’s charter that only secure APIs reach production.

Attendees will learn:

  • Discover hidden APIs 
  • Improve governance 
  • Identify unmanaged APIs 
  • Align with OWASP Top 10 for API