Agenda
08.00 - 08.50 |
Breakfast networking & registration |
08.50 - 09.00 |
Chair's welcome |
09.00 - 09.20 |
►Securing GenAI: Our Journey & Lessons Learned Ali Shepherd, Director of Cyber & Operational Resilience (CISO), FCA
|
09.20 - 09.40 |
►The attacker’s POV: How to build the right continuous threat exposure management (CTEM) program to reduce risk Matt Baird, Global Head of Customer Engineering, Cyberproof
|
09.40 - 10.00 |
►New Strategies for Exposure Management of Modern Infrastructure Ian Perry, Head of Sales Engineering, Searchlight Cyber
|
10.20 - 10.40 |
►From Threat Landscape to Defence How to Supercharge your Cyber Threat Intelligence Approach James Kwaan, CIO - GS&S, Lloyds Banking Group
|
10.20 - 11.00 |
►Education Seminars 1 Delegates will be able to choose from a range of topics:
|
11.00 - 11.30 |
Networking break |
11.30 - 11.50 |
►Cyber Leadership in an era of Dis-Cooperation William Dixon, Associate Fellow, Royal United Services Institute and Senior Technology Cyber Fellow, The Ukraine Foundation
|
11.50 - 12.10 |
►Aggressive Defence: Moving from Detect & Respond to Prevent & Investigate with Identity centric security operations Rory Shannon, Global VP Engineering, Cyderes |
12.10 - 12.40 |
►Inside the Mind of the Adversary: Offensive Innovation and the Future of Cyber Threats Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England
|
12.40 - 13.20 |
►Education Seminar 2 Delegates will be able to choose from a range of topics:
|
13.20 - 14.30 |
Lunch networking break |
14.30 - 14.50 |
►Guarding the Gates You Don’t Control: Third-Party Threats and the Expanding Perimeter Federico Iaschi, Information Security Director, Starling Bank
|
14.50 - 15.10 |
►Safeguarding Your Enterprise: Addressing Human and Insider Risks in Data Loss Prevention Henry Glynn, Cyber Security Solutions Specialist, Bytes
|
15.10 - 15.50 |
►Education Seminar 3 Delegates will be able to choose from a range of topics:
|
15.50 - 16.10 |
Networking break |
16.10 - 16.30 |
►Ransomware in Financial Services: How AI-Driven Ransomware Will Trigger the Next Major Breach Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England
|
16.30 - 17.00 |
►Panel Discussion: The Quantum Threat Timeline: Migration Challenges and Strategic Planning Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
|
17.00 - 17.00 |
Chair's closing remarks |
17.00 - 18.00 |
Drinks reception |
Education seminars
AI Is Eating Your SDLC: Why It’s Time to Break Up With SAST (Just a Little)
James Fenton, Senior Regional Sales Manager UK, Contrast Security
John Wood, Leader, Next-Gen Application Security, Contrast Security
In a world where AI accelerates software development and attackers exploit production logic in real time, financial institutions face a widening gap between risk and reality. The traditional AppSec playbook—scan early, scan often, drown in results—no longer scales. In this interactive session, John Wood and James Fenton unpack how Application Detection and Response (ADR) gives financial services a new way to think about application security-one that’s real-time, risk-aligned, and finally developer-friendly. We’ll share stories from the field, bust a few myths about shift-left security, and offer a practical framework for CISOs and architects to rethink where and how they apply controls in an AI-native SDLC.
Attendees will learn:
- A clearer understanding of what ADR is (and isn’t)
- Practical guidance for reducing noise, closing legacy gaps, and defending Tier 2/3 apps
- A security narrative that developers, risk officers, and regulators can finally agree on
Building Secure and Scalable Financial Services: The Isovalent Approach to Cloud Native Transformation
Raymond de Jong, EMEA Field CTO, Isovalent
As financial services accelerate their cloud native adoption, security, compliance, and operational excellence become critical at every stage of the journey. The Isovalent Platform, powered by Cilium and eBPF, delivers a unified approach to networking, security, and observability for Kubernetes environments - enabling financial institutions to reduce risk, increase agility, and meet regulatory demands. This session will outline how the Isovalent Platform supports financial organizations from initial deployment to advanced enterprise microservices, ensuring secure, compliant, and scalable cloud native operations.
Attendees will learn:
- Establish reliable connectivity and hardened security for Kubernetes clusters, simplifying troubleshooting and operational management from day one
- Achieve enterprise-grade security and compliance with Zero Trust network segmentation, transparent encryption, forensic insights, and seamless SIEM integration
- Scale across multi-cloud and hybrid environments, bridging modern Kubernetes workloads with legacy infrastructure while maintaining security, observability and control
Securing the Flow of Data in the Age of AI
Rich Beckett, Product & Solution Strategy, EMEA, Netskope
Sensitive data movement is often seen as a risk, but restricting it outright can create operational and security challenges. In the era of AI, financial institutions need security frameworks that protect data while ensuring agility. This session explores how modern security strategies enable secure data flows that defend against AI risk, adapt to real-time risk signals, and turn security into an enabler for innovation with AI.
Attendees will learn:
- The importance of anchoring AI adoption in your approach to data governance and risk oversight
- How to enable data flows without introducing escalating security risks
- Why security must be adaptive to risk, user behaviour, and AI-driven interactions
This is Not a Drill - Live Cyber Incident Response Exercise
Peter Lane, Consultancy Director, Cyro Cyber
Have you ever wondered whether your incident response plans will hold up when really tested? Let’s find out.
You’ve got the playbooks and the policies… but when a major cyber incident hits, the reality rarely follows the script. In this live scenario exercise, you’ll step into the middle of a cyber incident hitting a financial services organisation. Led by award winning Consultancy Director, Peter Lane.Live and unscripted, Peter will speak with experience as to why each step and activity are so vital, and what the consequences are when there’s a missing piece of the puzzle. Get involved, learn best practice from an industry leader and hear how your peers handle those tough calls. Leave with insight. Leave with confidence. Leave better prepared.
Attendees will learn:
- Test your approach and see how others in your shoes would respond in a safe setting
- Test your instincts under pressure with other cyber leaders facing the same challenges and concerns
- Explore the blind spots that catch even the most prepared teams off guard
Complying with PRA Insider Risk Requirements: Focusing on What’s Achievable and Effective
Daniel Velez, GCITP, ITPM, CISSP, Senior Advisor, Insider Risk, Everfox
Insider risks, whether caused by negligence, compromise, or malicious intent, are receiving long-overdue attention. Financial firms in the United Kingdom (UK) supervised by the Prudential Regulation Authority (PRA) are now required to implement robust risk strategies and insider risk management systems to strengthen the operational resilience of their most critical business services.
In this session, Insider Risk Advisors will lead a practical discussion designed to help financial organisations align their insider risk strategy with PRA expectations, enabling the ability to defend against, detect, and respond to insider threats effectively. Compliance is more than deploying cybersecurity tools. It requires building a strategic, cross-functional framework that enables continuous improvement in risk posture and resilience.
Attendees will learn:
- First steps your firm can take toward PRA compliance around the requirements for Operational Resilience
- How to build a 90-day strategy that balances short-term and long-term objectives
- Why effective data collection and incident reporting can deliver unexpected business value