Agenda
Presentations already confirmed include:
►From Threat Landscape to Defence How to Supercharge your Cyber Threat Intelligence Approach
James Kwaan, CIO - GS&S, Lloyds Banking Group
- What the current threat landscape is based on breaches, data, and the associated risk
- Diving Deeper - How to practically exploit MITRE tools to help in your defence to meet the threat
- How to process threat intelligence into MITRE ATT&CK
- How to deal with insider threat
- How to predict adversary tactics
- How to measure your CTI maturity
►The Intelligence Revolution: Thoughts on AI Innovation and Impact | Reviewing Artificial Intelligence in 2025 for Security Leaders
Jill Robertson, Former Deputy CISO Metro Bank & Independent Consultant
- AI Landscape and real world impact
- Where this could go and why we should care
- Staying informed and inspired
►Inside the Mind of the Adversary: Offensive Innovation and the Future of Cyber Threats
Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England
Dhruv Bisani, Head of Adversarial Attack Simulations, Starling Bank
William Dixon, Associate Fellow, Royal United Services Institute Senior Technology Cyber Fellow, The Ukraine Foundation
- How modern threat actors are using AI, supply chain compromises, and "living-off-the-land" tactics to evade detection and extend their presence
- What simulated attacks uncover that real-world breaches often miss—and where enterprise defenses most frequently break down
- From social engineering to credential stuffing and zero-click exploits: the methods adversaries use to slip past perimeter defenses and establish control
- What hackers see as tomorrow’s easiest targets—quantum-era risks, edge/IoT vulnerabilities, and deepfake-powered social engineering
►Guarding the Gates You Don’t Control: Third-Party Threats and the Expanding Perimeter
Federico Iaschi, Information Security Director, Starling Bank
- How do you assess and prioritise cyber risk across your third-party ecosystem?
- What contractual, technical, or governance mechanisms have proven most effective in enforcing cybersecurity standards among your vendors?
- With regulators placing increasing focus on third-party risk (e.g., DORA, SEC, OCC guidance), how are you aligning compliance efforts with operational risk management?
- How do you ensure your organisation is prepared to respond to a cyber incident originating from a key third-party or cloud provider?
►Panel Discussion: The Quantum Threat Timeline: Migration Challenges and Strategic Planning
Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
William Dixon, Associate Fellow, Royal United Services Institute Senior Technology Cyber Fellow, The Ukraine Foundation
- What is the current state of quantum computing and how soon must financial institutions act to mitigate quantum threats?
- What are the real-world implications of transitioning to quantum-resistant algorithms?
- How can organisations build roadmaps that align with regulatory and operational realities?
►Securing GenAI: Our Journey & Lessons Learned
Ali Shepherd, Director of Cyber & Operational Resilience (CISO), FCA
- Balancing Innovation and Risk
- Embedding Responsible AI
- Addressing novel risks and threats
►Safeguarding Your Enterprise: Addressing Human and Insider Risks in Data Loss Prevention
Henry Glynn, Cyber Security Solutions Specialist, Bytes
James Burchell, Sales Engineering Manager, Crowdstrike
Khetan Gajjar, Manager of Sales Engineering, Mimecast
- Addressing both accidental and malicious data loss
- The importance of managing human risk and insider threats
- How to enhance user awareness to prevent accidental data loss
- Securing collaborative platforms to prevent data breaches
- Ensuring compliance with regulatory requirements to mitigate risks
- Detecting anomalous user behaviour to identify potential insider threats and prevent malicious data loss
Education seminars
AI Is Eating Your SDLC: Why It’s Time to Break Up With SAST (Just a Little)
James Fenton, Senior Regional Sales Manager UK, Contrast Security
John Wood, Leader, Next-Gen Application Security, Contrast Security
In a world where AI accelerates software development and attackers exploit production logic in real time, financial institutions face a widening gap between risk and reality. The traditional AppSec playbook—scan early, scan often, drown in results—no longer scales. In this interactive session, John Wood and James Fenton unpack how Application Detection and Response (ADR) gives financial services a new way to think about application security-one that’s real-time, risk-aligned, and finally developer-friendly. We’ll share stories from the field, bust a few myths about shift-left security, and offer a practical framework for CISOs and architects to rethink where and how they apply controls in an AI-native SDLC.
Attendees will learn:
- A clearer understanding of what ADR is (and isn’t)
- Practical guidance for reducing noise, closing legacy gaps, and defending Tier 2/3 apps
- A security narrative that developers, risk officers, and regulators can finally agree on
Building Secure and Scalable Financial Services: The Isovalent Approach to Cloud Native Transformation
Raymond de Jong, EMEA Field CTO, Isovalent
As financial services accelerate their cloud native adoption, security, compliance, and operational excellence become critical at every stage of the journey. The Isovalent Platform, powered by Cilium and eBPF, delivers a unified approach to networking, security, and observability for Kubernetes environments - enabling financial institutions to reduce risk, increase agility, and meet regulatory demands. This session will outline how the Isovalent Platform supports financial organizations from initial deployment to advanced enterprise microservices, ensuring secure, compliant, and scalable cloud native operations.
Attendees will learn:
- Establish reliable connectivity and hardened security for Kubernetes clusters, simplifying troubleshooting and operational management from day one
- Achieve enterprise-grade security and compliance with Zero Trust network segmentation, transparent encryption, forensic insights, and seamless SIEM integration
- Scale across multi-cloud and hybrid environments, bridging modern Kubernetes workloads with legacy infrastructure while maintaining security, observability and control