Agenda

Chair's Welcome

►Secure by Design: Strengthening Cybersecurity in Manufacturing

Matthew Rogers, Industrial Control Systems Cybersecurity Expert, CISA

• The international focus on shifting security to the manufacturer
• Key Secure by Design principles to consider as a manufacturer and as a customer of other manufacturers in the supply chain
• Considerations for navigating out of legacy operational technology patterns when embedding security into the product
• The importance of tying together human centered design research and cybersecurity

►Securing the Supply Chain: Cyber Risk Management for Manufacturers   

Nick Palmer, Technical Lead, EMEA, Censys

• Identify and mitigate cybersecurity risks in the manufacturing supply chain
• Protect infrastructure, sensitive data, and business continuity from third-party threats
• Implement advanced security solutions for threat detection and response
• Strengthen risk communication strategies to improve supply chain resilience
   

►Fireside Chat: Cyber on Tap - Protecting the Systems Behind the Spirits

Ian Cowhig, Operating Technology Lead, Diageo 

• How do you manage cyber risk across its vendors?
• How do you stay ahead of tech changes in OT without disrupting operations?
• What’s your approach to securing legacy systems?
• How do you build cyber awareness on the factory floor?
• If you could wave a magic wand and fix one cybersecurity challenge overnight — what would it be?
   

►Adapting to New Regulations: Strengthening Product Security   

Quentyn Taylor, Senior Director – Product, Information Security and Global Incident Response - Canon Europe, Middle East and Africa

• Navigating new regulation – balancing risk mitigation with strategic opportunities
• Placing product security – where should security teams sit for maximum impact?
• Building strong teams – key steps and benefits beyond compliance

Comfort Break

►0-Day Bingo: Depth in Incident Response   

Rob Flanders, Head of Threat and Incident Response, BAE Systems

• Insights and experiences from BAE Systems on managing cyber-attacks
• Strategies for safeguarding critical infrastructure and supply chain partners
• The growing complexity of the cyber threat landscape
• Reducing the impact of incidents through proactive defence

►State of CPS Security: OT Exposures 2025

Elliot Gidley, CTO, Claroty 

Elliot delves into the new research report 'State of CPS Security: OT Exposures 2025.' The report covers 940,000-plus OT Devices Analyzed across 270 Organisations and lays out the greatest risks associated with OT and ICS beyond merely assessing the criticality of a vulnerability.

Key takeaways: 

• Prioritise Highest Risk: Redefine vulnerability management and prioritize remediation based on KEVs that are insecurely exposed to the internet and linked to ransomware
• Shift to Exposure Management: Enrich your risk assessment with known exploits, exploit prediction scores, and business impact assessments to focus on the most consequential impacts to production and narrow the effort to risks that are exploitable today
• Ensure Secure Access: Secure access is an indispensable control given the need for remote access to OT environments from employees and third parties
• Protect the Network:Network segmentation is a critical control within CPS environments
   

►Fireside chat: Beyond threat awareness to action — a necessary revolution

Simon Brady, Event Chairman, AKJ Associates
Ian Thompson, Head of Cyber Threat Intelligence, BP

• Why do organizations need to change their approach to threat management?
• How can we evolve our security strategies to incorporate threat intelligence and counter-threat tradecraft as distinct and vital elements of our overall cybersecurity efforts?
• How do we separate threat management from traditional governance and policy frameworks in practice, and why is this essential in the evolution of security strategies?
• As we can’t manage threat the same way we manage risk, how do we develop a deeper understanding of how threat actors operate and succeed?
• What specific tailored strategies for threat mitigation and management have you put in place in BP? What in your opinion, has had the biggest impact and how do you measure this? 
• What practical advice would you give to those wishing to integrate threat intelligence and counter-threat strategies into their core security mission? Where do they start? 

►Implementing CRA: Legacy Products, Components, and Compliance Obligations

David McIlwaine, Head of Cyber Practice, Pinsent Mason

• Defining Scope and Applicability for Manufacturing Operations
• Core Compliance Actions for Manufacturers
• Embedding CRA Requirements from Design to Deployment
   

Chair's Closing Remarks