Agenda

08:00 - 08:50

Registration & Networking 

08:50 - 09:00

Chairman's Welcome

09:00 - 09:20

► What good 'Cybersecurity' looks like’ to different stakeholders

Simon Goldsmith, Director for Information Security, OVO Energy

  • What does the Board mean? What does the CISO mean?
  • What do the frontline security analysts, incident responders etc think?
  •  And how do you blend all these different perspectives into a coherent cybersecurity framework?
09:20 - 09:40

► Breaking the Ransomware Attack Chain

James Maude, Lead Cyber Security Researcher, BeyondTrust 

Join BeyondTrust and learn the how you can break the attack chain and establish a solid foundation for Ransomware project success. James Maude, Lead Cyber Security Researcher, will cover:

  • Common Ransomware attack chain entry points
  • Practical steps you can take to block entry
  • How PAM ensures Ransomware project success
09:40 - 10:00

► Using the dark web to gather pre-attack intelligence

Dr Gareth Owenson, CTO, Searchlight Security 

  • Defining the pre-attack stage of a cyberattack
  • How intelligence on the pre-attack tactics of threat groups can help organisations preempt and prevent attacks
  • Real life examples of when threat groups' pre-attack reconnaissance and resource development activity could be observed in the dark web
  • How dark web intelligence can be mapped to pre-attack tactics of the MITRE ATT&CK framework to practically improve defences
10:00 - 10:20

 Fireside chat: A CISO’s Perspective on….

Simon Brady, Managing Editor, AKJ Associates & John Skipper, CISO, Metro Bank

  • How the macroeconomic downturn will affect CISOs, budgets and security
  • Dealing with the risks of state-sponsored cyberattacks and spillovers
  • Practical tips for implementing a risk-based approach to cybersecurity

 

10:20 - 11:00

 Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Key Considerations for Choosing the Right Cloud Email Security Platform, David Lomax, Systems Engineer, Abnormal Security 
  • Understand the technologies required for the effective and efficient detection of cyber threats to protect your organisation, Ian Dutton, Senior Sales Engineer, GateWatcher
  • Demystifying data Protection: Steps to Find, Monitor and Control Without chaos, Adrian Clark, Data Security Specialist, Imperva 
  • An Introduction to Bug Bounty Programs for Businesses, Mark Wiley, Senior Account Executive, Intigriti
  • Cookies and Spam: Exploring MFA bypass techniques used by attackers to breach SaaS applications, Chris Fuller,  Principal Product and Solutions Architect, Obsidian Security
  • Debunking Common Myths About XDR, PJ Norris, Senior Security Engineer, SentinelOne

 

11:00 - 11:30

Networking Break

11:30 - 11:50

► Senior leadership Panel: Security Technology 

Danielle Sudai, Cloud Security Operations Lead, Deliveroo; Ash Hunt, CISO, Sanne Group; Sarah Lawson, CISO, UCL; Federico Iaschi, Resilience Engineering Partner Change - Digital Security Department, Virgin Media O2

This panel will look at: 

  • Different approaches to selecting and consolidating security technologies 
  • Budget and investment questions as more vendors broaden their capabilities 
  • Replacing legacy cybersecurity technology 
  • One-stop shop versus security stack 
  • Building a continuous control environment for cybersecurity 
11:50 - 12:10

► Data doesn’t lose itself. People lose data; It’s time to change the way we protect it

Alistair Mills, Director, Sales Engineering, Northern Europe, Proofpoint

  • Insider risk and data loss prevention are a top concern for organisations today. And it makes sense, with a distributed workforce and increasing reliance on technology, legacy, on-prem DLP technology hasn’t lived up to its promises.
  • Data loss begins with people, whether negligent, compromised or malicious insiders. So, how do you better protect your organisation? 
  • In this session, you’ll gain insight into the importance understanding user risk profiles, how to better understand and respond to people-led data breaches and real-world examples and best practices to improve your data and user security 
12:10 - 12:30

► How AI Can Think Like an Attacker

Hanah Darley, Head of Threat Research, Darktrace 

  • In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised.
  • In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks.
  • Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization.
12:30 - 12:50

► Your network security stack is failing you: learn how ransomware bypasses secure web gateways

Nick Edwards, VP Product Strategy Menlo Security

  • With one third of organisations experiencing ransomware attacks at least weekly, and 9% doing so more than once a day – why are current attacks different?
  • How is ransomware bypassing network security detection from traditional security tools such as Secure Web Gateways, sandbox analysis and phishing detection solutions.
  • Reacting to the increased attack surface of hybrid work and cloud apps, what are the different approaches organisations are successfully deploying to mitigate the threat of ransomware?
12:50 - 13:30

 Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • From Asset Management to Asset Intelligence: Crossing the CAASM, Leslie Forbes, Vulnerability Management SME - EMEA, Axonius
  • Tales from the Frontline, Derek Skinner, Global Manager, Investigations, Absolute on behalf of CWSI
  • Elevating cybersecurity as a business enabler and source of competitive advantage, Carl Urban, Lead Cyber Consultant, e2e-assure
  • Hunters: The SOC of the Future, Hanan Levin, VP Sales EMEA, Hunters
  • Streamlining compliance with Zero Standing Privilege, Anthony Moillic, EMEA Field CISO, Netwrix
  • Embrace a New Kind of Security: Zero Trust Data Control, Llewellyn Wells, Solutions Consultant, Virtru

 

13:30 - 14:30

Lunch Break

16:50 - 17:10

► The Metaverse Opportunity 

David Palmer, Business Lead for Blockchain Technology, Vodafone

  • What are the key enablers for Virtual and Real Worlds to Co-exist
  • The key challenges 
  • Security, Identity, Jurisdiction, Copyright and Ownership
14:50 - 15:10

► Data Breach Incident Response – The Rest of the Iceberg

Nicholas King, CISSP Principal Solutions Consultant, Orange Cyberdefense

An alternative view on the preparation stage of Incident Response. How these activities not only help you to respond to an incident but in many ways can reduce the risk of the incident happening in the first place.

During this presentation we will explore:

  • Data Discovery and Classification
  • The Principle of Least Privilege
  • Data Life-cycle Management
  • Threat Detection

 

15:10 - 15:30

► Simplifying Security and Reducing Risk with SASE & Zero Trust

Khalid Khan, Sales Engineering Director (NEUR), Forcepoint

  • What’s the best approach in a hybrid world
  • How does SASE & Zero Trust Architecture help prevent Cyber Incidents
  • How do you show and verify positive value from a security platform

 

15:30 - 16:10

 Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

  • Why Asset Visibility is a Critical Foundation of Operational and Cyber Resilience, Anthony Smyth, Senior Director, Solution Architects EMEA, Armis
  • Threat Disruption: Securing 2022 from 2021Kenny Williams, Solution Engineer, Malwarebytes
  • A Unified Defence against Identity Sprawl Threats, Stuart Sharp, Vice President of Solution Engineering, One Identity 
  • Email Security & Brand Protection: Two Sides of the Same Coin?, Joshua Harris, Senior Customer Success Engineer, Red Sift
  • How to track your data on the Dark Web, Samet Sazak, Technical Account Manager, SOCRadar
16:10 - 16:30

Networking Break

16:30 - 16:50

► A guide to Multi/Poly Cloud Security Strategy?

Emmanuel Dahunsi, Security Architect EMEA, Goldman Sachs

  • What is Multi/Poly Cloud and what benefits do they provide?
  • What are the Security Challenges of Multi/Poly Cloud?
  • Security strategy for Multi/Poly cloud
16:50 - 17:30

► Senior leadership Panel: Security challenges

Glen Hymers, Head of Data Privacy and Compliance, Cabinet Office; Lee Whatford, CISO, Domino's Pizza; Scott Storey, Digital Information & Cyber Security Lead, Parkdean Resorts; Bev Allen, Head of Information Security Assurance, Quilter; Simon Goldsmith, Director for Information Security, OVO Energy

  • Asset inventories (devices, applications, identity, network, data) 
  • Overall technology landscape complexity
  • ‘Digital’ transformations of the business / products 
  • Testing and measuring the effectiveness of the cybersecurity control environment   
  • Incident response and problem management 
  • Ensuring the same coverage/visibility over cloud environments as on-prem  
  • Managing supply chain risk in a world less tolerant to long delays around supplier assurance (post covid) 
  • Web 3.0 and the next generation of the internet: securing new technologies and services which are inherently decentralised? 
17:30 - 18:30

Drinks Reception

18:30

Conference Close

Education seminars


Debunking Common Myths About XDR


PJ Norris, Senior Security Engineer, SentinelOne

There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (Extended Detection and Response).

Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. Join this session to find out:

 

  • What is XDR and why should I consider the technology in my enterprise security stack? 
  • What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype?
  • What are some generally accepted value statements associated with XDR?
  • Allow us to debunk a few common myths that continue to muddy the water for security teams.

An Introduction to Bug Bounty Programs for Businesses


Mark Wiley, Senior Account Executive, Intigriti

Organizations without vulnerability disclosure policies are failing to address researchers’ security warnings. The need for modern, proactive security has never been more important. A simple yet proven method to protect against cyber threats is to invite ethical hackers in. Ethical hacker communities help to keep companies’ data safe from cybercrime. But starting a collaboration with ethical hackers often begins with questions.

Join our talk for insights to help your company get started with bug bounty programs. You'll learn:

  • What bug bounty programs are
  • How companies can work with ethical hackers
  • The difference between bug bounty programs and penetration tests

Key Considerations for Choosing the Right Cloud Email Security Platform


David Lomax, Systems Engineer, Abnormal Security 

Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.

Unfortunately, email threats are only growing in number. Business email compromise accounts for 35% of all losses to cybercrime, and the Verizon Data Breach Investigations Report holds that phishing remains the top entry point for breaches—a position it has held for years.

Does that mean email is doomed, and we should give up? Quite the opposite. But the shift to cloud email requires one major thing: a shift to cloud email security.

Attend the Abnormal Security session for answers to your most pressing questions, including:

  • What are modern email threats, and how are they different from legacy attacks?
  • Which email threats are most concerning, and how can we defend against them in the cloud environment?
  • Which technical capabilities are required when protecting cloud email?
  • How can cloud email security platforms detect the most dangerous attacks?

 


Streamlining compliance with Zero Standing Privilege


Anthony Moillic, EMEA Field CISO, Netwrix

Many compliance standards require organisations to maintain control over privileged access, and this is a top area of focus by auditors and cybersecurity insurers. Although privileged accounts are a crucial part of day-to-day work for admins, most of them are only used for a short amount of time. The rest of the time they present risk in face of your next compliance audit or cybersecurity insurance assessment.


Join this session to learn:

  • How contemporary solutions reduce this risk only to some extent, while being costly and time-consuming to deploy.
  • How simply managing accounts is risk-prone and does not address the problem completely.
  • How to implement the Zero Standing Privilege approach to simplify compliance and get cybersecurity insurance coverage.

Cookies and Spam: Exploring MFA bypass techniques used by attackers to breach SaaS applications


Chris Fuller,  Principal Product and Solutions Architect, Obsidian Security

Lapsus$ gained notoriety by breaking into some of the world’s largest enterprises like EA, Microsoft and Okta. More recently, Uber and Rockstar Games suffered similar breaches. These are organisations with highly sophisticated security teams and widespread adoption of security best practices such as MFA, so how are attackers gaining access?

 

 In the wild, crude techniques such as “MFA prompt spamming” and more advanced methods such as reverse phishing proxies can help motivated attack groups access sensitive data. This session will explore some of those techniques and discuss mitigation strategies in the context of SaaS applications.

  • Explore how session hijacking helps attackers bypass MFA and see how this data is sold in underground forums
  • See how attackers use session hijacking to intercept tokens and bypass MFA in a live demo
  • Learn how to identify and mitigate token compromise in SaaS applications

Embrace a New Kind of Security: Zero Trust Data Control


Llewellyn Wells, Solutions Consultant, Virtru

The digital world is now perimeter-less and the practice of cybersecurity is rapidly shifting from centralised, to decentralised policy controls. Up until now, Zero Trust security initiatives have focused primarily on identities, devices, networks, and apps. But what about data? Data is everyone’s most valuable resource and what every attacker is after. It’s constantly on the move - being downloaded, shared, copied, and modified. You can’t afford to lock it down, and you can’t afford to lose control of it

Join Virtru as we discuss:

  • The importance of Zero Trust Data Control (ZTDC)
  • The benefits of adding policy controls that are capable of following data regardless of where it goes or how it is used
  • How you can rethink your cybersecurity stack with data at the core to protect your organisation’s most important asset and prepare yourself to manage future cyber threats.

 


A Unified Defence against Identity Sprawl Threats


Stuart Sharp, Vice President of Solution Engineering, One Identity 

  • The role of AI in dynamic threat response
  • The value of consolidating Identity Management and Security functions to one integrated platform
  • Closing security gaps via integrated risk flows

 


Demystifying data Protection: Steps to Find, Monitor and Control Without chaos


Adrian Clark, Data Security Specialist, Imperva 

Data security is one of the most complex security challenges to modern business. Leaders faced with structured, unstructured, and now, semistructured data have the herculean task of defending their data, while staying compliant with a litany of regional and global regulations. In this session, Adrian Clark will demystify some best practices in finding, monitoring, and controlling data regardless of where it lives. Walk away with steps you can take to secure your data without an army of people, a vault of cash, or a Ph.D.


Attendees will:

 

  • Learn the difference between structured, unstructured and semistructured data.
  • Understand why you should not simply monitor your most critical data when most breeches occur in areas where the stakes are much lower and the entry points are much easier to gain access to.
  • Discover why real time security is too slow and why data classification should come second to monitoring when you begin a security overhaul.

HOW TO TRACK YOUR DATA ON THE DARK WEB


Samet Sazak, Technical Account Manager, SOCRadar

As the most extensive worldwide system that stores information on everything (and almost everyone), the Internet comprises three distinct layers: the visible, the deep, and the dark web. Some layers contain significantly more information than others. The Internet is becoming more complicated, but it is also daunting. Given how little we know and how little control we have, it is fair to feel apprehensive, particularly when we encounter news and stories concerning the Dark Web. We automatically identify this menacing term with anything dangerous.

 

In this seminar you'll learn how to:

 

  • How to find out if your important data has been breached
  • The risks associated with that data falling into the wrong hands
  • Which markets, forums, and other corners of the dark web are most relevant right now
  • How to use intelligence to protect against credential leakage, data breaches, and ransomware attacks

From Asset Management to Asset Intelligence: Crossing the CAASM


Leslie Forbes, Vulnerability Management SME - EMEA, Axonius

As the sprawl of devices, device types, and solutions continues to skyrocket, environments only grow more complex. But there’s good news: asset management has evolved. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, always up-to-date view into all assets via integrations of existing tools, data correlation at scale, and querying capabilities to find and respond to gaps.

Join this session to learn how asset intelligence and the emerging Cyber Asset Attack Surface Management (CAASM) category;

  • improves security hygiene
  • reduces manual work
  • remediates gaps.

 


Hunters: The SOC of the Future


Hanan Levin, VP Sales EMEA, Hunters

Join Hunters to explore the key trends and paradigm shifts in data, detection and investigation, within the ever changing world of SOCs.

  • Find out how you can increase data retention whilst reducing your costs, through using built-in-detection and automation in your SOC platform. 

Understand the technologies required for the effective and efficient detection of cyber threats to protect your organisation


Ian Dutton, Senior Sales Engineer, GateWatcher

  • Providing a 360 degree view
  • What complementary detection technologies should you deploy
  • Detecting low noise advanced attacks, including APT’s and zero days

Elevating cybersecurity as a business enabler and source of competitive advantage


Carl Urban, Lead Cyber Consultant, e2e-assure

In this session, Carl will be discussing a paradigm shift in how organisations think of cybersecurity, to bring further business benefits above and beyond just being more secure. He’ll be bringing together insights from recent conversations with customers, partners and industry experts as well as practical examples from industry on how to make this shift and give your organisation an additional element of competitive advantage over the competition.

  • Foundations for effective cybersecurity, including building the right culture
  • Effective communication with board members
  • Building trust through transparent communications
  • Benefits to organisations of viewing cybersecurity as more than just a cost centre
  • How organisations can make cybersecurity a new source of competitive advantage

Tales from the Frontline


Derek Skinner, Global Manager, Investigations, Absolute on behalf of CWSI

  • How to enable the modern frontline policing
  • Securing and managing the mobile fleet – who are still the weakest links
  • Real-life private investigation scenarios brought to life

Email Security & Brand Protection: Two Sides of the Same Coin?


Joshua Harris, Senior Customer Success Engineer, Red Sift

  • The changing nature of impersonation attacks and domain abuse, and how fraudsters are achieving their goals
  • What steps organisations can take to protect themselves now and for the future
  • How organisations are defending their brands against impersonation while building consumer confidence and positively influencing buyer behaviours

Why Asset Visibility is a Critical Foundation of Operational and Cyber Resilience


Anthony Smyth, Senior Director, Solution Architects EMEA, Armis

Having complete and continually up to date visibility into your connected devices, is the platform on which to assess and build your cyber security posture. Which can include:

  • Ensure Compliance with security standards and regulation
  • Optimise the security tools within your environment
  • Ability to Prioritise Vulnerability Management

Threat Disruption: Securing 2022 from 2021


Kenny Williams, Solution Engineer, Malwarebytes

In this presentation dive into the latest threat intelligence to

 

  • Understand how COVID-19 caused a disruption of cybercrime that not only changed the trajectory of the landscape well into 2022 but shifted how we fight attacks today.
  • Find out how global law enforcement has shifted the players in ransomware
  • Learn the most effective defence strategies to beef up your network security against emerging threats.