|08:00 - 08:50||
Registration & Networking
|08:50 - 09:00||
|09:00 - 09:20||
► What good 'Cybersecurity' looks like’ to different stakeholders
Simon Goldsmith, Director for Information Security, OVO Energy
|09:20 - 09:40||
► Breaking the Ransomware Attack Chain
James Maude, Lead Cyber Security Researcher, BeyondTrust
Join BeyondTrust and learn the how you can break the attack chain and establish a solid foundation for Ransomware project success. James Maude, Lead Cyber Security Researcher, will cover:
|09:40 - 10:00||
► Using the dark web to gather pre-attack intelligence
Dr Gareth Owenson, CTO, Searchlight Security
|10:00 - 10:20||
► Fireside chat: A CISO’s Perspective on….
Simon Brady, Managing Editor, AKJ Associates & John Skipper, CISO, Metro Bank
|10:20 - 11:00||
► Education Seminar Session 1
Delegates will be able to choose from the following education seminars:
|11:00 - 11:30||
|11:30 - 11:50||
► Senior leadership Panel: Security Technology
Danielle Sudai, Cloud Security Operations Lead, Deliveroo; Ash Hunt, CISO, Sanne Group; Sarah Lawson, CISO, UCL; Federico Iaschi, Resilience Engineering Partner Change - Digital Security Department, Virgin Media O2
This panel will look at:
|11:50 - 12:10||
► Data doesn’t lose itself. People lose data; It’s time to change the way we protect it
Alistair Mills, Director, Sales Engineering, Northern Europe, Proofpoint
|12:10 - 12:30||
► How AI Can Think Like an Attacker
Hanah Darley, Head of Threat Research, Darktrace
|12:30 - 12:50||
► Your network security stack is failing you: learn how ransomware bypasses secure web gateways
Nick Edwards, VP Product Strategy Menlo Security
|12:50 - 13:30||
► Education Seminar Session 2
Delegates will be able to choose from the following education seminars:
|13:30 - 14:30||
|16:50 - 17:10||
► The Metaverse Opportunity
David Palmer, Business Lead for Blockchain Technology, Vodafone
|14:50 - 15:10||
► Data Breach Incident Response – The Rest of the Iceberg
Nicholas King, CISSP Principal Solutions Consultant, Orange Cyberdefense
An alternative view on the preparation stage of Incident Response. How these activities not only help you to respond to an incident but in many ways can reduce the risk of the incident happening in the first place.
During this presentation we will explore:
|15:10 - 15:30||
► Simplifying Security and Reducing Risk with SASE & Zero Trust
Khalid Khan, Sales Engineering Director (NEUR), Forcepoint
|15:30 - 16:10||
► Education Seminar Session 3
Delegates will be able to choose from the following education seminars:
|16:10 - 16:30||
|16:30 - 16:50||
► A guide to Multi/Poly Cloud Security Strategy?
Emmanuel Dahunsi, Security Architect EMEA, Goldman Sachs
|16:50 - 17:30||
► Senior leadership Panel: Security challenges
Glen Hymers, Head of Data Privacy and Compliance, Cabinet Office; Lee Whatford, CISO, Domino's Pizza; Scott Storey, Digital Information & Cyber Security Lead, Parkdean Resorts; Bev Allen, Head of Information Security Assurance, Quilter; Simon Goldsmith, Director for Information Security, OVO Energy
|17:30 - 18:30||
Debunking Common Myths About XDR
PJ Norris, Senior Security Engineer, SentinelOne
There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (Extended Detection and Response).
Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. Join this session to find out:
- What is XDR and why should I consider the technology in my enterprise security stack?
- What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype?
- What are some generally accepted value statements associated with XDR?
- Allow us to debunk a few common myths that continue to muddy the water for security teams.
An Introduction to Bug Bounty Programs for Businesses
Mark Wiley, Senior Account Executive, Intigriti
Organizations without vulnerability disclosure policies are failing to address researchers’ security warnings. The need for modern, proactive security has never been more important. A simple yet proven method to protect against cyber threats is to invite ethical hackers in. Ethical hacker communities help to keep companies’ data safe from cybercrime. But starting a collaboration with ethical hackers often begins with questions.
Join our talk for insights to help your company get started with bug bounty programs. You'll learn:
- What bug bounty programs are
- How companies can work with ethical hackers
- The difference between bug bounty programs and penetration tests
Key Considerations for Choosing the Right Cloud Email Security Platform
David Lomax, Systems Engineer, Abnormal Security
Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.
Unfortunately, email threats are only growing in number. Business email compromise accounts for 35% of all losses to cybercrime, and the Verizon Data Breach Investigations Report holds that phishing remains the top entry point for breaches—a position it has held for years.
Does that mean email is doomed, and we should give up? Quite the opposite. But the shift to cloud email requires one major thing: a shift to cloud email security.
Attend the Abnormal Security session for answers to your most pressing questions, including:
- What are modern email threats, and how are they different from legacy attacks?
- Which email threats are most concerning, and how can we defend against them in the cloud environment?
- Which technical capabilities are required when protecting cloud email?
- How can cloud email security platforms detect the most dangerous attacks?
Streamlining compliance with Zero Standing Privilege
Anthony Moillic, EMEA Field CISO, Netwrix
Many compliance standards require organisations to maintain control over privileged access, and this is a top area of focus by auditors and cybersecurity insurers. Although privileged accounts are a crucial part of day-to-day work for admins, most of them are only used for a short amount of time. The rest of the time they present risk in face of your next compliance audit or cybersecurity insurance assessment.
Join this session to learn:
- How contemporary solutions reduce this risk only to some extent, while being costly and time-consuming to deploy.
- How simply managing accounts is risk-prone and does not address the problem completely.
- How to implement the Zero Standing Privilege approach to simplify compliance and get cybersecurity insurance coverage.
Cookies and Spam: Exploring MFA bypass techniques used by attackers to breach SaaS applications
Chris Fuller, Principal Product and Solutions Architect, Obsidian Security
Lapsus$ gained notoriety by breaking into some of the world’s largest enterprises like EA, Microsoft and Okta. More recently, Uber and Rockstar Games suffered similar breaches. These are organisations with highly sophisticated security teams and widespread adoption of security best practices such as MFA, so how are attackers gaining access?
In the wild, crude techniques such as “MFA prompt spamming” and more advanced methods such as reverse phishing proxies can help motivated attack groups access sensitive data. This session will explore some of those techniques and discuss mitigation strategies in the context of SaaS applications.
- Explore how session hijacking helps attackers bypass MFA and see how this data is sold in underground forums
- See how attackers use session hijacking to intercept tokens and bypass MFA in a live demo
- Learn how to identify and mitigate token compromise in SaaS applications
Embrace a New Kind of Security: Zero Trust Data Control
Llewellyn Wells, Solutions Consultant, Virtru
The digital world is now perimeter-less and the practice of cybersecurity is rapidly shifting from centralised, to decentralised policy controls. Up until now, Zero Trust security initiatives have focused primarily on identities, devices, networks, and apps. But what about data? Data is everyone’s most valuable resource and what every attacker is after. It’s constantly on the move - being downloaded, shared, copied, and modified. You can’t afford to lock it down, and you can’t afford to lose control of it
Join Virtru as we discuss:
- The importance of Zero Trust Data Control (ZTDC)
- The benefits of adding policy controls that are capable of following data regardless of where it goes or how it is used
- How you can rethink your cybersecurity stack with data at the core to protect your organisation’s most important asset and prepare yourself to manage future cyber threats.
A Unified Defence against Identity Sprawl Threats
Stuart Sharp, Vice President of Solution Engineering, One Identity
- The role of AI in dynamic threat response
- The value of consolidating Identity Management and Security functions to one integrated platform
- Closing security gaps via integrated risk flows
Demystifying data Protection: Steps to Find, Monitor and Control Without chaos
Adrian Clark, Data Security Specialist, Imperva
Data security is one of the most complex security challenges to modern business. Leaders faced with structured, unstructured, and now, semistructured data have the herculean task of defending their data, while staying compliant with a litany of regional and global regulations. In this session, Adrian Clark will demystify some best practices in finding, monitoring, and controlling data regardless of where it lives. Walk away with steps you can take to secure your data without an army of people, a vault of cash, or a Ph.D.
- Learn the difference between structured, unstructured and semistructured data.
- Understand why you should not simply monitor your most critical data when most breeches occur in areas where the stakes are much lower and the entry points are much easier to gain access to.
- Discover why real time security is too slow and why data classification should come second to monitoring when you begin a security overhaul.
HOW TO TRACK YOUR DATA ON THE DARK WEB
Samet Sazak, Technical Account Manager, SOCRadar
As the most extensive worldwide system that stores information on everything (and almost everyone), the Internet comprises three distinct layers: the visible, the deep, and the dark web. Some layers contain significantly more information than others. The Internet is becoming more complicated, but it is also daunting. Given how little we know and how little control we have, it is fair to feel apprehensive, particularly when we encounter news and stories concerning the Dark Web. We automatically identify this menacing term with anything dangerous.
In this seminar you'll learn how to:
- How to find out if your important data has been breached
- The risks associated with that data falling into the wrong hands
- Which markets, forums, and other corners of the dark web are most relevant right now
- How to use intelligence to protect against credential leakage, data breaches, and ransomware attacks
From Asset Management to Asset Intelligence: Crossing the CAASM
Leslie Forbes, Vulnerability Management SME - EMEA, Axonius
As the sprawl of devices, device types, and solutions continues to skyrocket, environments only grow more complex. But there’s good news: asset management has evolved. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, always up-to-date view into all assets via integrations of existing tools, data correlation at scale, and querying capabilities to find and respond to gaps.
Join this session to learn how asset intelligence and the emerging Cyber Asset Attack Surface Management (CAASM) category;
- improves security hygiene
- reduces manual work
- remediates gaps.
Hunters: The SOC of the Future
Hanan Levin, VP Sales EMEA, Hunters
Join Hunters to explore the key trends and paradigm shifts in data, detection and investigation, within the ever changing world of SOCs.
- Find out how you can increase data retention whilst reducing your costs, through using built-in-detection and automation in your SOC platform.
Understand the technologies required for the effective and efficient detection of cyber threats to protect your organisation
Ian Dutton, Senior Sales Engineer, GateWatcher
- Providing a 360 degree view
- What complementary detection technologies should you deploy
- Detecting low noise advanced attacks, including APT’s and zero days
Elevating cybersecurity as a business enabler and source of competitive advantage
Carl Urban, Lead Cyber Consultant, e2e-assure
In this session, Carl will be discussing a paradigm shift in how organisations think of cybersecurity, to bring further business benefits above and beyond just being more secure. He’ll be bringing together insights from recent conversations with customers, partners and industry experts as well as practical examples from industry on how to make this shift and give your organisation an additional element of competitive advantage over the competition.
- Foundations for effective cybersecurity, including building the right culture
- Effective communication with board members
- Building trust through transparent communications
- Benefits to organisations of viewing cybersecurity as more than just a cost centre
- How organisations can make cybersecurity a new source of competitive advantage
Tales from the Frontline
Derek Skinner, Global Manager, Investigations, Absolute on behalf of CWSI
- How to enable the modern frontline policing
- Securing and managing the mobile fleet – who are still the weakest links
- Real-life private investigation scenarios brought to life
Email Security & Brand Protection: Two Sides of the Same Coin?
Joshua Harris, Senior Customer Success Engineer, Red Sift
- The changing nature of impersonation attacks and domain abuse, and how fraudsters are achieving their goals
- What steps organisations can take to protect themselves now and for the future
- How organisations are defending their brands against impersonation while building consumer confidence and positively influencing buyer behaviours
Why Asset Visibility is a Critical Foundation of Operational and Cyber Resilience
Anthony Smyth, Senior Director, Solution Architects EMEA, Armis
Having complete and continually up to date visibility into your connected devices, is the platform on which to assess and build your cyber security posture. Which can include:
- Ensure Compliance with security standards and regulation
- Optimise the security tools within your environment
- Ability to Prioritise Vulnerability Management
Threat Disruption: Securing 2022 from 2021
Kenny Williams, Solution Engineer, Malwarebytes
In this presentation dive into the latest threat intelligence to
- Understand how COVID-19 caused a disruption of cybercrime that not only changed the trajectory of the landscape well into 2022 but shifted how we fight attacks today.
- Find out how global law enforcement has shifted the players in ransomware
- Learn the most effective defence strategies to beef up your network security against emerging threats.