Agenda

08:00 - 08:50

Breakfast Networking Break

08:50 - 09:00

Chair's Welcome 

09:00 - 09:20

►Implementing security controls at scale in Google Cloud 

Alistair Wardell, Director, Cloud Security, Deutsche Bank

  • How we built up our cloud security controls, layer by layer
  • What we learned on the way
  • What we will work on next
09:20 - 09:40

►A risk-based approach to prioritizing software supply chain findings

Ryan Searle, Director, Product Management, Snyk

  • Security backlogs are growing larger each day
  • Why traditional prioritization approaches no longer cut it
  • How to focus on the issues that matter and prevent them earlier in the SDLC
09:40 - 10:00

►Securing the future of financial services 

Chantal Constable, Head of Financial Services & Insurance, NCC Group (moderator) 
Siân John MBE, Chief Technology Officer, NCC Group 
Chris Greany, Director of Security, Pay UK 

  • We’re living through a digital revolution. Artificial intelligence, quantum computing, connected devices - these technologies promise immense potential, but introduce new risks.
  • Siân will explore the evolution of cyber security, resilience and governance over the last 25 years and how past learnings can help the UK’s financial services sector prepare for cyber risks (both known and new) in 2025 and beyond. 
  • Come away from the session knowing how to design and build a resilient digital future for your organisation. 
10:00 - 10:20

►Harnessing Policy as Code for Embedding Security Controls in CI/CD Pipelines

Mehran Koushkebaghi, Head of Product Security, Nationwide Building Society

  • What is Policy-as-Code, and what are its benefits in the context of security policies?
  • Leveraging Policy-as-Code for automating policy evaluation & enforcement in SDL
  • Components of a Policy Enforcement System
  • Integrating the Policy Enforcement System into the CI Pipeline
  • How does it work in practice? A sample implementation
     
10:20 - 11:00

► Education Seminar 1

Delegates will be able to choose from the following education seminars:

  • Financial Services Cyber Success – 2025 and beyond, Ketan Pyne, Pre Sales team for UK&I & Matthew Santos, Thales Group
  • SASE, Past Present and Future – a new look at what’s important for securing today’s financial services companies, Greg Duffy, M.Eng., Product Marketing Director, EMEA, Cato Networks, on behalf of Wavenet
  • Defending Financial Services: Stopping Sophisticated Email Threats in Their Tracks, Steven Wills, Senior Engineer, Abnormal Security
11:00 - 11:30

Networking Break

11:30 - 12:00

►What does DORA mean for cyber security within financial services

Marcus Corry, Director, Tech&Ops, AFME (Moderator)
Gill Fenney, Head of IT Risk Governance, Bupa
Tanya Layng, Contract Lawyer, IQ-EQ
James Kwaan, CIO - GS&S - Chief Security Officer, Lloyds Banking Group

  • The uplift to banks’ cyber controls
  • How cyber-attacks across the supply chain will in future be mitigated
  • Information sharing with authorities as part of a firm’s response to an incident
12:00 - 12:20

►AWS Gone Wild: How Attackers Exploit Your Cloud and How to Outsmart Them

Yonatan Khen, Security Research Team Leader, Hunters

  • Uncover the anatomy of a real-world AWS attack, including credential exposure, lateral movement, privilege escalation, and persistence techniques.
  • Discover practical strategies for detecting threats, securing IAM policies, and monitoring API access patterns to mitigate risks.
  • Learn actionable lessons from an incident response case study to strengthen AWS defenses, tailored for cloud engineers, security analysts, and incident responders.
12:20 - 12:40

►Leveraging DORA TLPT (Threat-Led Penetration Testing) to enhance Cyber Resilience

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • How DORA TLPT aligns seamlessly with TIBER-EU, CBEST & DORA to enhance cyber risk management.
  • Discover the benefits of an EU-standard approach to threat-led testing.
  • See how DORA TLPT boosts readiness for live system testing.
  • Learn how to start using DORA TLPT for ongoing cyber resilience and regulatory compliance
     
12:40 - 13:20

► Education Seminar 2

Delegates will be able to choose from the following education seminars:

  • Are You Truly Secure? Answer These Three Key Questions, Brett Ayres, VP of Product, Teneo
  • Enhancing Security Through Automation: Key Strategies and Best Practices, Leor Golan, Sales Director, Blink Ops
  • DORA is Here: What financial firms can do now, and achieve resilience beyond compliance, Justin Kuruvilla, Chief Cybersecurity Strategist, Risk Ledger 
13:20 - 14:20

Lunch & Networking Break

14:20 - 14:40

►Prioritising Cybersecurity as a Strategic Component of Resilience

Praveen Singh, Head of IT Risk and Cybersecurity, ICBC Standard Bank

  • Understanding the Critical Role of Cybersecurity in operational resilience.
  • Strategic Integration of Cybersecurity into overall risk management and operational strategies.
  • Understanding the investment priorities to enhance cybersecurity.
  • Practical insights along with actionable steps for implementation
14:40 - 15:00

►What’s Next for the Internet and Financial Services in 2025: Trends, Regulations, and Cloudflare's Perspective 

Rory Malone, Principal, Global Privacy & Security Regulatory Compliance, Cloudflare

  • Notable attacks and trends in 2024 against Financial Services, as seen through the Cloudflare Network.
  • Will the Cyber Security and Resilience Bill criminalise ransomware payments? The impact of 2025’s cybersecurity, privacy, and operational resilience regulations.
  • Insights and predictions for 2025, and how we plan to help build a better Internet.
15:00 - 15:20

►How to Manage Your Risks and Protect Your Financial Data

Nick Palmer, Senior Solutions Engineer, Censys

  • Gain insights into the evolving risk landscape, including threats from compromised third-party providers, unpatched systems, outdated technology, and data breaches.
  • Learn strategies for effective threat response and compliance with DORA regulations using modern cybersecurity solutions.
  • Explore how to leverage the Censys Internet Map for proactive risk identification and mitigation.
15:20 - 16:00

► Education Seminar 3

Delegates will be able to choose from the following education seminars:

  • Room for Improvement - Securing the Financial Services with a Robust Privileged Access Management Strategy, Muhammad Ali, Cyber Security Solutions Engineer, Exponential-e 
  • Strengthening Operational Resilience: Navigating Regulatory Compliance with Gigamon, Danielle Kinsella, Technical Advisor EMEA, Gigamon on behalf of FortemIT
     
16:00 - 16:20

Networking Break

16:20 - 17:00

►Partnerships or Pitfalls? Mastering Third-Party Risk  

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Orlando Fernandez, Senior Technical Specialist at the Recovery, Resolution & Resilience team, Prudential Policy Directorate, Bank of England (BoE)
Peter Smith, Chief Information Security Officer, Allica Bank
Michael Jefferson, Head of Financial Services Public Policy UK, Middle East, Africa and Switzerland, Amazon Web Services (AWS) 
Zsuzsanna Berenyi, Senior Cyber Security Third Party Risk Manager, LSEG 

  • Insights from the PRA, end-users, and suppliers on managing third-party risks
  • Navigating the evolving regulatory landscape and its influence on third-party partnerships
  • Strategies to identify and mitigate third-party risks
  • Transforming strong risk management practices into a competitive edge
17:00 - 18:00

Drinks Reception & Networking Break

Education seminars


Defending Financial Services: Stopping Sophisticated Email Threats in Their Tracks


Steven Wills, Senior Engineer, Abnormal Security

The financial services industry is under constant attack from sophisticated email threats, from invoice fraud to executive impersonation and credential harvesting. Join Abnormal Security as we explore real-world examples of email attacks targeting financial services organisations and demonstrate how our advanced AI-powered solution proactively detects and stops these threats.

Attendees will learn: 

  • Understand the Threat Landscape: Insight into the most prevalent and damaging email attacks affecting financial services today.
  • Real-World Case Studies: Examples of successful and thwarted attacks to highlight vulnerabilities and risks.
  • Achieving Operational Efficiency: Save time for IT and security teams while improving overall email security posture.
     

Are You Truly Secure? Answer These Three Key Questions


Brett Ayres, VP of Product, Teneo

Financial institutions face relentless and sophisticated cyber threats, making a multi-layered defence essential to safeguarding critical systems and sensitive data. This presentation introduces our three-part strategy to identify, protect, and maintain security, offering actionable insights to stay ahead of evolving risks.

Attendees will learn: 

  • The Three Key Areas to Evaluate:
  1. Identify: Who and what is on my network? Secure access for human and non-human identities.
  2. Protect: Who has access to what? Manage networks securely with Aruba EdgeConnect, incorporating end-to-end segmentation and separate overlays.
  3. Maintain: How do we stay secure? Ensure resilience through automated auditing, patch management, and validation.
     

Financial Services Cyber Success – 2025 and beyond


Ketan Pyne, Pre Sales team for UK&I, Thales Group 
Matthew Santos, Thales Group

  • Compliance is not just about avoiding penalties; it’s an opportunity to build trust with customers and stakeholders. Financial institutions can enhance customer confidence, improve operational efficiency, and attract investors by demonstrating a commitment to security.
  • The year 2025 marks a pivotal moment for the financial services industry. The enforcement of DORA and the new PCI DSS 4.0 requirements demand a proactive and comprehensive approach to compliance and security. By addressing these challenges head-on and adopting best practices, financial institutions can meet regulatory obligations and strengthen their resilience against an ever-evolving threat landscape. 
  • Traditional encryption used today would be vulnerable to attacks by powerful quantum computers in the near future.
  • By proactively transitioning to PQC algorithms now, we ensure our critical data and communication channels are secured well in advance of this potential threat.
  • The time to act is now!

SASE, Past Present and Future – a new look at what’s important for securing today’s financial services companies


Greg Duffy, M.Eng., Product Marketing Director, EMEA, Cato Networks, on behalf of Wavenet

SASE is the modern network and security architecture for digital businesses. But there is one fundamental requirement for SASE to be successful for today’s Financial Services companies.

What attendees will learn:

  • An example illustrating the single most important thing to get right when building a SASE service.
  • The four transformational impacts from getting it right.
  • A scary vision of what getting it wrong might look like.
     

Enhancing Security Through Automation: Key Strategies and Best Practices


Speaker to be announced, Blink Ops.

As cyber threats grow in sophistication and volume, organizations face mounting challenges with alert fatigue and security talent shortages. This short presentation examines how modern security automation transforms defensive capabilities through AI-powered, no-code solutions. We'll explore essential automation tools, practical implementation strategies, and high-impact use cases in threat detection, vulnerability management, and cloud security. Attendees will learn how to identify automation opportunities, design effective workflows, and measure ROI. The session concludes with actionable steps for leveraging automation to strengthen security posture while enabling teams to focus on strategic priorities.

What attendees will learn:

  • Security challenge & urgent need
  • Evolution to modern solutions
  • Automation implementation strategy
  • Measuring success

DORA is Here: What financial firms can do now, and achieve resilience beyond compliance


Justin Kuruvilla, Chief Cybersecurity Strategist, Risk Ledger 

With DORA now in full force, financial institutions are facing new challenges in how they are expected to safeguard their digital supply chains. This session will explore how DORA’s enforcement affects third-party risk management, provide practical strategies for what to do next even if you are not yet fully compliant, and explore options to enhance individual firms' operational resilience and supply chain cyber security beyond DORA compliance. 

Attendees will learn: 

  1. What does DORA say about TPRM and supply chain security
  2. If you are not yet compliant, this is what you should do next
  3. We help FS firms really improve their operational resilience and spot concentration risks and empower you, not like regulators

Strengthening Operational Resilience: Navigating Regulatory Compliance with Gigamon


Danielle Kinsella - Technical Advisor EMEA, Gigamon

Operational resilience is essential for organisations navigating mandates from the PRA, FCA, Bank of England, and new legislation such as DORA to ensure service continuity. It relies on systems that enhance visibility, control, and security across hybrid infrastructures to maintain stability, protect assets, and ensure compliance.

Attendees will learn:

  • Learn how unified visibility detects anomalies to safeguard operations.
  • Explore risk management strategies to minimise downtime and protect services.
  • Understand how compliance frameworks bolster stability and stakeholder confidence.


Room for Improvement - Securing the Financial Services


Attendees will learn:

  • The evolving threat landscape, driven by advancements in AI and the proliferation of data, demands advanced solutions. While AI-based perimeter defences have significantly strengthened security, insider threats continue to pose a critical challenge. 
  • As highlighted by CBEST (2024), weak privileged access controls in the financial sector underscore the need for robust Privileged Access Management solutions to mitigate risks such as lateral movement and supply chain attacks.