08:00 - 08:55

Breakfast Networking 

08:55 - 09:00

Chairman's Welcome 

09:00 - 09:20

►Two Cases for Measuring Cyber Risk Appetite 

Simon Collins, Director, Head of Cybersecurity, Allianz Global Investors & Brian Cooke, CISO, Permanent TSB

  • Join this session to hear two alternative approaches to measuring cyber risk appetite. 
  • One approach will focus on the sophistication of the attackers, the other will be based on key risk indicators.
  • Both approaches will be explored, followed by a discussion of the strengths and challenges of each.


09:20 - 09:40

► Navigating Enterprise Security in a Post-Compromise Reality

Jamie Moles, Senior Security Engineer, ExtraHop

  • Every organization gets compromised - it’s how you fast you detect and respond to an incident that counts.
  • This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the attack surface and complicated the job of security professionals.
  • We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or an incident from becoming a full-scale data breach.
09:40 - 10:00

► Q1 2021 Top Vulnerabilities Landscape

Jason Steer, Director of EMEA Presales, Recorded Future 

  • Why Q1 2021 had the highest high risk vulnerabilities since our report began
  • Why your supply chain is your achilles heel
  • Why COVID continues to shape the vulnerability landscape
10:00 - 10:20

►To Resiliency and Beyond!

Steve Brown, Director, Cybersecurity, Mastercard

  • Increasingly complex networks of business relationships are exposing participants to systemic operation risk.
  • As a result, our national security, public safety and economic growth are being exposed to major disruption. 
  • In this session, see how Mastercard is delivering trust through an approach that quantifies, automates and prioritizes risk to build cyber resilience and trust throughout the connected digital economy. 
10:20 - 10:50

►Education Seminars 1

Delegates will be able to choose from the following:

  • Solving the cloud identity challenge, Karl Lankford, Director, Solutions Engineering, BeyondTrust 
  • Revolutionising cybersecurity training for your enterprise defence teams, Rupert Collier, VP Sales – EMEA and APAC, Rangeforce
  • DORA: why future proofing email security is essential, Dr. Rois Ni Thuama, Head of Cyber Governance, Red Sift


10:50 - 11:20

Break and Networking 

11:20 - 11:40

Delegates will be able to choose from the following topics:

► Slips, Lapses and Mistakes - What Your Security Awareness Programme Can't Fix

John Scott, Head of Security Awareness, Bank of England

  • Everyone knows by now not to click a suspicious email or to open a dodgy looking attachment. So why does it keep happening?
  • This session will draw on the fields of Health and Safety and behavioural psychology to understand why teaching people what to do doesn't always help, and what you can do to make your awareness programme more effective. 


►Why Maintaining an On-Prem Paradigm in the Cloud Will Not Work

Luke Hebbes, Head of Risk and Cybersecurity, HSBC

  • Banks used to be about the safe storage of your money and valuables, with physical safes and cash. Now the vast majority of transactions are electronic and banks (and other FS companies) are primarily technology companies. This was a different approach and requires a different mindset.
  • The technology doesn’t isn’t the same and the models don’t work: addressing the switch from on-prem to the cloud.  
  • Rapid adoption of SaaS and cloud can cause issues with unstructured data. How do you provide Data Integrity and full lifecycle data management in the cloud and prove it to the regulators/auditors?
  • What in your threat model that indicates managing your own keys for a SaaS system is significantly reducing your risk?
  • Addressing issues that appear when moving from a  quarterly release cycle to cloud  technologies and agile development with multiple intra-day releases.


11:40 - 12:00

► Identity Focused Security: Why start with identity when mitigating risks.

Matt Bailey, Platform Specialist at Okta

  • Identity Focused Security and how identity is foundational to the financial services industry
  • Why you should start with Identity when mitigating security risks 
  • Key challenges we face today from remote working to the rise in bad actors


12:00 - 12:20

► Cyber-intelligence Empowering IT Security Audit for Financial Systems

Chris Strand, Chief Compliance Officer, IntSights

  • What is Cyber Threat Intelligence (CTI) and why is it important to the Financial Services Industry.
  • How to use CTI to prioritize financial system security gaps and enhance security posture.
  • How your business Digital Footprint can help predict targeted threat patterns.
  • Understand how to use CTI findings to accelerate risk assessment and data privacy adherence through real examples from the field.
12:20 - 12:40

► Avoid Playing Whack-a-Mole with your Cloud Security

Joe Robertson, EMEA CISO, Fortinet

  • Cybersecurity for financial institutions in the new normal must solve an equation with multiple variables, lots of unknowns, and adversaries that can pop up anywhere
  • Users and customers can pop up anywhere too – in a branch, in an office, at home, on the go.
  • Ditto applications: they can move from the datacentre to a cloud to another cloud, and a single query can bounce around like a pinball.
  • This session will cover what is needed for a flexible cybersecurity strategy and how an agile and consistent multi-cloud strategy can protect you today and tomorrow.
12:40 - 13:10

► Education Seminars 2

Delegates will be able to choose from the following: 

  • Privileged Access Management Challenges When Moving to the Cloud, Nick Colin, Regional Sales Director – EMEA, UK&I, Centrify 
  • Detection and response strategies for cloud security incidents, Daniel Crossley, Sales Engineering Manager, LogRhythm
  • How the Financial Services sector can benefit from secure digital communication, Rick Goud, CIO, Zivver


13:10 - 14:00

Lunch and Networking 

16:10 - 16:30

► Cybersecurity isn't Just Doom and Gloom

Jerome Walter, CISO, Digital Venture, Standard Chartered Bank 

  • Over the last 10 years, the transformation brought about by Agile development, Cloud technologies and DevOps has created a number of opportunities for security to rethink and implement new cyber hygiene strategies without slowing down the enterprise
  • See how the IDEAS architecture framework helps reconcile security and innovation
  • Exploring key metrics that help drive better organisational outcomes
  • How new practices are emerging to enable continuous verification and collective learnings
14:20 - 14:40

► Insider Risk: A CISO Imperative

Rob Bolton, Sr Director Intl at Information Protection, Proofpoint

  • Data doesn’t lose itself. People’s actions whether negligent, compromised, or malicious are #1 cause of data related breaches
  • Legacy tools miss early signs of data and insider risks and can’t provide granular user context yet cause alert fatigue - costing firms $11.45M annually.
  • Drawing insights from past breaches, we will explore effective pragmatic practices to mitigate exposure and insider risk across your organisation.
14:40 - 15:00

► Banking on Cyber AI: Neutralizing Threats Before Cyber-Attackers Strike Gold

Mariana Pereira, Director of Email Security Products, Darktrace

  • We discuss, how advanced cyber defense technology protects the entire digital estate in high-risk environments
  • Learn how Cyber AI thwarted a spoofed Chase Fraud alert aimed at gathering information for fraudulent transactions
  • Discover how attackers are set to supercharge social engineering techniques with offensive AI
15:00 - 15:30

Education Seminars 3

Delegates will be able to choose from the following:

  • Why SASE is primed to secure the evolution of finserv,Tom McVey, Solution Architect, Menlo Security
  • 5 Steps to Overcome Data Overload, Nick Pavlichek, Product Manager, OneTrust 
  • Ensure True Privacy in the Cloud with Data-Centric Protection, Rob McDonald, SVP of Platform & Mark Williams, Customer Success, EMEA, Virtru 
15:30 - 16:00

Break and Networking 

16:00 - 16:20

► Customer Digital Identity in the Financial Services

Martin Ingram, Product Owner, Identity and Access Management, Natwest Group

  • What is a Customer Digital Identity?
  • What are the benefits for both customers and the business?
  • How does Customer Digital Identity change identity and access management in FS firms?
16:20 - 16:40

► Securing Fintech Organisations

The tendency for global banks to move their infrastructure to the cloud has much of its origin in the pressure exerted by the fintech upstarts who have revolutionised the financial services across the past decade. Finance is changing, and at the forefront of this change are digital native, cloud-first, data driven organisations. How, then, is the fintech vanguard protecting its crown jewels?

  • Philip Edwards, Director, Global Head of Security, Revolut
  • Tiago Rosado, Head of Cybersecurity, Curve
16:40 - 17:00

► Are you Cyber Insurance Friendly?

Laure Zicry, Head of Cyber Insurance Western Europe, Willis Towers Watson

  • State of the Cyber Insurance Market
  • Trends in claims
  • Be prepared for an underwriting meeting
17:00 - 17:05

Closing Remarks 

17:05 - 17:30

Break and Networking


Conference Close 

Education seminars

Solving the cloud identity challenge

Karl Lankford, Director, Solutions Engineering, BeyondTrust 

Today, many financial services organizations rely on multiple cloud services with their end users regularly consuming dozens, or even hundreds, of different SaaS applications. This great cloud migration has successfully enabled the increase in remote working and is accelerating digital transformation initiatives. But, more clouds also means more challenges. In addition to the fundamental cloud security issues, there’s the additional complexity and interoperability issues arising from siloed identity stores, native toolsets, and conflicting shared responsibility models between cloud providers, creating an expanded attack surface that organisations need to address. 

The identity challenge is the most important security problem for organisations to solve and is best accomplished by standardizing the management and security controls across the entire IT ecosystem. Join this session to learn:  

  • The most pressing cloud security risks  
  • Where native toolsets leave gaps in security that you must address  
  • How to implement 7 cloud security best practices with privileged access management (PAM) to vastly decrease your likelihood and scope of a cloud-related breach

How the Financial Services sector benefits from secure digital communication

Rick Goud, CIO, Zivver

Organisations of all sizes have been accelerating their digital communication efforts, especially since the onset of COVID-19 and the shift to remote working. A common misconception is that digital security is complex, intricate and will require many changes in the way people work. But organisations struggle to combine security with usability, and they need both to reap the benefits of digital communication in terms of efficiency, higher customer engagement and satisfaction.

  • A sharing of experiences of how COVID-19 accelerated the need for digital communication, and the challenges that brings
  • Examples of how the right secure digital communication tools can lower your costs, increase efficiency, and improve stakeholder satisfaction
  • Gain insight and perspective into international financial services organisations who have successfully embraced digital communications and achieved better risk mitigation, cost control and adoption
  • Key takeaways: Resources to better equip yourself, your team, as well as your citizens, residents and patients in how to reap the benefits of secure digital communication both now, and in the future

Detection and response strategies for cloud security incidents

Daniel Crossley, Sales Engineering Manager, LogRhythm

Join Daniel Crossley, LogRhythm, Sales Engineering Manager, UK, to discover common security incidents that happen in AWS environments and gain helpful tips for detecting and responding to them.

In this session you will learn:

  • Common security incident types in AWS
  • The various log types in AWS
  • Helpful response strategies

5 Steps to Overcome Data Overload

Nick Pavlichek, Product Manager, OneTrust 

Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time.

Exploring your data universe can be an overwhelming exercise, giving you more information than you know what to do within certain circumstances. Using careful data classification methods and flexible risk formulas, organizations can map information to harness real-time updates through a data discovery engine to fuel and standardize risk at scale with the latest information. 

In this webinar, we’ll review you can quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights. 

Attend to learn: 

  • Identify data across business applications for the latest risk insights. 
  • Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams 
  • Explore a new way aggregate and standardize risk using real-time data points


Revolutionising cybersecurity training for your enterprise defence teams

Rupert Collier, VP Sales – EMEA and APAC, Rangeforce ​​​​​​

Continuous professional development is crucial to keeping technically focussed teams ahead of the game. CISOs, VPs and Team Leads must also be able to monitor and assess skill levels within those teams, in order to identify any possible coverage gaps that could represent a threat to the organisation. They also need to ensure incident response best practices remain fit for purpose and that everyone can execute their role in the event of an emergency. In this seminar you will learn:

  • …how cyber-defenders can continue to acquire and hone their skills entirely through a browser but still in a hands-on fashion.
  • …how they can learn essential real-world skills in real networks and real VMs. From security operations to forensics to secure DevOps, modules cover a breadth of mission-critical topics.
  • …how users learn to defend against advanced attacks, quickly recognise and fix vulnerabilities and develop muscle memory in how best to react when it happens in the real world.
  • …how actionable insights and metrics about performance and skill levels of team members can help identify the cybersecurity superstars, both already in your organisation and amongst those that may want to join.
  • …how a combination of self-paced learning together with pressurised group exercises is the best way to prepare your teams for every eventuality – at a fraction of the cost of traditional learning.

Ensure True Privacy in the Cloud with Data-Centric Protection

Rob McDonald, SVP of Platform & Mark Williams, Customer Success, EMEA, Virtru 

There’s no argument as to the benefits of the Cloud - ability to scale easily, improved productivity, heightened collaboration fuelling innovation, growth and seamless customer experience. But whatever stage of the Cloud journey you are on, one constant remains - how do you ensure that sensitive data that demands privacy - investor and banking PII, corporate IP - remains private and secure, and protected from unauthorized access (including your cloud provider) wherever it is shared and stored?

Join this session to understand how by adopting a data-centric security strategy, you can protect and control access to the data itself - everywhere it travels.

  • Differences between traditional, perimeter-focused data security policies and data-centric protection
  • How to implement a data-centric strategy that supports compliance and data sovereignty needs.
  • How to empower employees to collaborate in the cloud with seamless and secure sharing

DORA: Why future proofing email security is essential.

Dr. Rois Ni Thuama, Head of Cyber Governance, Red Sift.

The EU has recently proposed the Digital Operational Resilience Act (DORA), aimed at improving security standards within the financial sector. Scheduled to become law as early as September 2021, it means that financial entities must ‘address any reasonably identifiable circumstance in relation to the use of network and information systems’. But what does this mean in practice, and will these measures really help to protect firms? 

In this session, Dr. Rois Ni Thuama makes the case that DORA is a force for good and will help businesses to make better decisions, faster. 

Dr. Rois Ni Thuama will cover: 

  • Current cyberthreats within the financial industry
  • Due diligence and its positive correlation with business efficiency
  • Why DMARC is necessary for protecting business email

Privileged Access Management Challenges When Moving to the Cloud

Nick Colin, Regional Sales Director – EMEA, UK&I, Centrify 

Only a few years ago Financial Services were wedded to the perceived security and ownership of on premise infrastructure. Times have changed. Now many organisations are cloud first. However much of the on premises infrastructure will remain for many years to come. Moreover, with multiple cloud providers often being the normal this adds further complexity to the management and security of the entire estate.

To fully benefit from rapid technological transformation, it is imperative that enterprises embrace strategies for safeguarding their infrastructure and services both during and after cloud migration. In this session, we will discuss common challenges and the tools and strategies IT and security leaders are finding most effective for managing a secure transformation to the cloud.

  • Managing security in a hybrid environment presents challenges that on premise Vaults are not able to manage effectively.
  • Identity remains one of the few aspects that an organisation retains control over in the cloud.
  • Leveraging Identity for effective Privilege Access Management in he multi cloud hybrid world delivers the best blend of secure access methods.


Why SASE is primed to secure the evolution of finserv

Tom McVey, Solution Architect, Menlo Security

Few industries have changed as dramatically as financial services (finserv) in the last decade. Banking and financial transactions were once an exclusively in-person process, but today the vast majority of customers conduct their financial affairs digitally. Additionally, finserv employees are highly dependent on websites and cloud or SaaS apps to perform their jobs, putting increased pressure on the security and reliability of these systems. To address the challenges presented by both a distributed workforce and accelerated digital transformation initiatives, there’s a movement spurring on the adoption of secure access service edge (SASE) architecture, which assures cloud security with any new deployments. 

Join this session to understand more about why this forward-thinking framework is considered key to converging the network and security functions within finserv organizations today. 

What you will learn:

  • Key insights and considerations on protecting employee productivity, preventing attacks, and optimizing security operations for a distributed workforce
  • Why the fundamentals of SASE matter to the future of networking and security
  • How modern cloud-first solutions are critical to delivering on the promise of SASE security