Sponsors

Strategic Sponsors

2|SEC Consulting is a trusted cyber and information security consultancy focused on comprehensive cyber security risk management solutions as part of a broader business strategy.

We deliver tailored cyber security and information security solutions to protect our clients’ brands and reputations. Our services are designed to ensure that our clients’ most important assets are protected, available and continuously operating.

We are committed to providing outstanding support and delivering on all aspects of cyber and information security. Our services are adapted to the exact business needs of each client to achieve their organisations’ objectives.

Understanding and managing risk is an on-going process which is critical to the operation of any organisation. 2|SEC Consulting delivers technical assurance and business advisory services to its global client base, from agile start-ups to FTSE 250 organisations.

How can 2|SEC Consulting help you?
Our cyber and information security services deliver business resilience to help your organisation to quickly adapt to disruptions while maintaining your business operations, and technical assurance where we can test, monitor and maintain solutions to help protect your business.

To meet continuously evolving security challenges, comply with regulatory requirements and achieve your business objectives, 2|SEC Consulting deliver:

  • Audit
  • Testing
  • Training solutions
  • Framework implementation
  • PCI DSS QSA audits
  • Range of advisory services

Contact us if you want to improve your organisation's cyber readiness: 

audit@2-sec.com or +44(0)20 7877 0060

For more information please visit our website: www.2-sec.com


Acuity’s award-winning cyber risk platform, STREAM Integrated Risk Manager provides unrivalled visibility of risk and compliance status to CISOs, risk managers and the business.

Voted Cyber Security Product of the Year (2018) by CIR magazine and with the maximum 5* rating from Secure Computing magazine for the last four years, STREAM is used in 28 countries across multiple industries.

Automate any cyber risk framework or methodology to deliver credible, reliable and repeatable enterprise-wide measurement, management and monitoring of cyber risk to prioritize actions, evaluate cyber security investments and report to the Board.

STREAM’s greatest technical innovation is in modelling all of the complex relationships that exist in cyber security risk management; correlating and presenting all risk data (including from external sources) in business terms via a simple and intuitive user interface.

With both quantitative and qualitative risk assessment options, STREAM provides enterprise-wide aggregation and reporting of cyber risk in financial terms. This allows users to make risk-informed decisions and understand return on cyber security investment.

Visit the Acuity stand for a demonstration of STREAM in action and discover the various features designed to ease your way around PCI DSS compliance and other standards and regulations. STREAM allows you to quickly and easily track new payment channels, choosing the required level of SAQ to assess and report, including key milestones. STREAM also allows you to manage and link multiple integrated frameworks, such as PCI DSS, ISO 27001 and NIST 1.1 to minimise workload and track related risk.

For more information or to request a free 30-day trial, please visit: https://acuityrm.com/


ColorTokens have no solution for Brexit. We can’t make CISOs/Compliance Managers more attractive to strangers. We certainly don’t offer a silver bullet for PCI compliance. However, we can make things easier.

Our approach is based on 4 premises, for in-scope IT infrastructure:

  • Invest in protection to reduce cost and time of remediation
  • Provide continuous visibility and alerting of all out of policy conditions immediately
  • Use one platform for protection, isolation, visualisation, alerting, remediation and audit
  • Be 24 x 7 audit ready

Companies and public bodies face the challenge of identifying PCI impacted infrastructure, and then coordinating two organisations – IT infrastructure and Security teams – to quickly identify and remediate security events. Traditional security technologies and point solutions make this increasingly difficult. We address the IT infrastructure aspects of all 12 PCI security controls through a single software based platform. It can be deployed in minutes and requires no changes to existing in-scope systems. This starts with endpoints, traverses networks and is managed by a single reporting dashboard. We are available aaS in the Cloud or on premise. We are enabling our clients to deliver faster simpler PCI compliance and will talk through an example in the plenary.

We are a next generation global security software company headquartered in the Silicon Valley with operations in USA, UK, Europe, Middle East, India and Australia. We were named Next Generation Security Company of the Year at the 2019 Cyber Defense Magazine InfoSec Awards. We also won five other awards, including Most Innovative Micro-segmentation, State of the Art Application Security, Breakout Cloud Security, Hot Company Data Center Security, and Publisher's Choice Endpoint Security awards. 

Our team includes one of the founders of the Zero Trust approach to security and a previous US Federal Government CTO.

We are privately funded.

www.colortokens.com


OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. More than 2,500 customers, both big and small and across 100 countries, use OneTrust to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world's privacy laws. 

OneTrust's size and scale allow it to offer the easiest-to-use and most affordable solution for implementing use cases including: Privacy Maturity Benchmarking, Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Third-Party Vendor Risk Management, Incident and Breach Response, Data Mapping (Records of Processing), Customer Preference Management, Consent Management, Website Scanning & Cookie Compliance, Mobile App Scanning, Data Subject/Consumer Rights Management and Policy & Notice Management.

The platform's intelligence comes from DataGuidance by OneTrust, an in-depth and up-to-date source of privacy and security regulatory summaries, guidance, templates, case law, and analysis. The database is updated daily by over 20 in-house privacy researchers, along with a network of 500 lawyers across over 300 jurisdictions.

OneTrust's 700 employees are located across co-headquarters in Atlanta and in London with additional locations in Bangalore, Melbourne, San Francisco, New York, Munich and Hong Kong. To learn more, visit OneTrust.com.


Zimperium, the global leader in mobile device and app security, offers real-time, on-device protection against Android and iOS threats. The Zimperium platform leverages our award-winning machine learning-based engine - z9 - to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps. To date, z9 has detected 100% of zero-day device exploits without requiring an update or suffering from the delays and limitations of cloud-based detection - something no other mobile security provider can claim.


Education Seminar Sponsors

Clearswift is trusted by organizations globally to protect critical information as it’s processed and shared through digital collaboration channels, giving teams the freedom to operate securely and drive business growth. Our unique technology provides a straightforward and ‘adaptive’ data loss prevention solution that avoids the risk of business interruption, and enables control and visibility of critical information 100% of the time.

Clearswift secures some of the most sensitive defense, intelligence and law enforcement agencies in the world. The reason being, “Clearswift can detect content and code that other security vendors can’t”. The robust deep content inspection engine built into all Clearswift’s solutions works together with advanced security and data loss prevention features to mitigate cyber-attacks, protect sensitive information and enhance security processes.

Visit www.clearswift.com for more information

 


"CNS exists to protect our clients and enable them to make effective cyber security decisions by thinking beyond technology led preconceptions."

As a leading provider of cyber security services, we protect organisations from the pervasive and complex threats that exist. Over our 25 years in business we have developed a portfolio of comprehensive 360-degree security solutions and services.

Compliance & Governance Consultancy

  • PCI DSS
  • PSN
  • Top 20 Critical Controls
  • ISO 27001
  • Aegis - Cyber Security Maturity and Supply Chain Assessment
  • Cloud Assessment

Offensive Security Solutions

  • Internal Penetration Testing
  • External Penetration Testing
  • Dynamic Penetration Testing
  • Cyber Essentials
  • Application Security Assessment Services
  • Social Engineering
  • SCADA
  • Secure SDLC
  • CHECK Testing
  • Application Testing
  • Mobile Application Testing
  • Cyber Security Incident Response

Defensive Security Solutions

  • Managed Security Services
  • Public Sector Services
  • Protective Services

Our dedicated on-shore Cyber Security Operations Centre provides 24/7/365 threat detection and protection for some of the UK’s most valuable assets.

As a part of Six Degrees we are able to provide not only scale, but holistic solutions for organisations that are going through the process of digital transformation and striving to implement cyber security frameworks.

 


Have you deployed ‘Pause and Resume’ for your contact centre or are you just about to tackle phone payments? If so, discover how DataDivider can simply take out your agent desktops, network and back-end systems from PCI scope whilst your agents continue to listen to and enter cardholder data. Reduce your BAU costs or implement a call centre PCI de-scope strategy for the fraction of the cost of complex DTMF tone masking solutions. Sound impossible? Find out how by visiting DataDivider’s booth or attending our education session “Leveraging your PCI DSS investment for GDPR”. In the past decade PCI forensic audits have only discovered a handful of telephony infrastructure related breaches so focus your risk based approach to where the real exposure lies.

 
DataDivider provides the ability to de-scope desktops, data networks and backend systems for telephone, mail, fax, email and chat payments. Entering its eighth year as a PCI certified Level 1 Service Provider, DataDivider provides its solution to over 80 Level 1 to Level 4 merchants. Its unique patent pending technology provides the most cost effective approach to managing MOTO payments where the solution can be deployed in a matter of days and weeks as opposed to months and years. The DataDivider solution precludes the necessity of expensive and time consuming telephony and applications integration yet still achieves the objectives of keeping cardholder data segregated from the applications architecture.

Illumio, the leader in micro-segmentation, prevents the spread of breaches inside data center and cloud environments. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. 

VISIT: www.illumio.com

 


Netwrix is a software company that enables information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides. Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.


PCI Pal’s mission is to safeguard reputations and build trust.

We do this by providing our channel partners with secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments. Our globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other relevant security rules and regulations.

With the entire product portfolio served from the cloud, integrations with existing telephony, payment, and desktop environments are flexible and proven, ensuring no degradation of service while achieving security and compliance.

With extensive operations and technical experience of the contact centre sector, we’re uniquely qualified to deliver operationally efficient cloud-based security solutions to organisations operating on a global scale.

PCI Pal has offices in London, Ipswich (UK) and Charlotte N.C (USA).

For more information visit www.pcipal.com or follow the team on Twitter:  https://twitter.com/PCIPAL 

 


SecureTrust™, a division of Trustwave, is focused on helping businesses achieve, exceed and maintain regulatory obligations as threats to data and privacy continue to evolve. We deliver world-class consulting, compliance and risk assessment services and solutions for the enterprise market as well as tailored merchant risk management programs. 


Since 1995, Trustwave has pioneered innovation and built a reputation as a leader in the payment card industry. This innovation has extended to several regulatory initiatives necessary for conducting business in today’s global environment and is the cornerstone of the SecureTrust™ business.


SecureTrust™ services include: 


Enterprise Global Risk & Compliance Services
A strategic approach to managing compliance and IT risk challenges from PCI to GDPR to security maturity.  Services include PCI DSS Compliance, Data Privacy (incl GDPR), ISO and Risk Consulting.
 
Merchant Compliance Programs
Comprehensive and customizable programs for merchant service providers to enable risk reduction and business growth. Includes automated tools for real-time program monitoring and integrated security tools to aid self-assessment and simplify PCI DSS compliance.
 
Compliance Technologies
SecureTrust™ offers a portfolio of compliance technologies to help support compliance, risk, security maturity and data privacy programs such as penetration testing, EndPoint Protection, Network Access Control, FIM and DLP.


SecureTrust™ has one of the world’s largest networks of experienced QSAs based in 16 countries and compliance offerings that include both self-managed portal-based options or fully managed solutions. Our mission is to take the complexities out of attaining and maintaining compliance.


For more information, visit www.securetrust.com
 


Semafone’s flagship Cardprotect solution makes it easy and cost effective to accept payments over the phone and strengthen data security, while meeting PCI DSS compliance.

Cardprotect allows callers to enter their payment card details directly into their telephone keypad, rather than reading them aloud – it does this using Semafone’s patented payment method that utilises DTMF masking technology.  Cardprotect replaces the telephone’s keypad tones with flat tones, ensuring that the payment card details are not captured on phone recordings and cannot be deciphered by either the contact centre agent on the line, or a cybercriminal who could hack into the network systems. The payment card data is encrypted and seamlessly sent straight to the payment service provider (PSP), meaning that it never enters your contact centre infrastructure. Through this entire process, the contact centre agent stays on the line, in full voice communication with your customers to ensure a positive customer experience.

By ensuring that sensitive payment card data does not touch the contact centre’s network infrastructure, Cardprotect dramatically reduces the scope for PCI DSS, reducing the cost, burden and complexity of compliance.

The world’s leading and iconic brands trust and depend on Semafone to safeguard their customers

Here’s why…

  • Semafone retains all four leading security and payment certifications - ISO 27001:2013, PA DSS for Cardprotect when deployed on-premises, PCI DSS Level 1 Service Provider and listed as a Visa Level 1 Merchant Agent
  • Only vendor with all four certifications
  • Highest number of customer deployments, clients, countries, agents and years in the contact centre business
  • 100,000+ contact centre CSR seats worldwide 
  • Delivers both carrier class cloud and on-premise solutions
  • Open and flexible architecture makes it easy to deploy
  • Industry leading partners; including BT, Gamma, Genesys and Oracle
  • PCI Winner for Excellence 2017 & 2018, Best in Business Award 2018 and CNP Best Call Centre 2017.

Tel: +44 (0)845 543 0822

E-mail: emeasales@semafone.com

Visit: https://semafone.com/gb/

 


Silver Lining is a professional IT and telecoms provider offering the very best in business IT, telecommunications, data and mobile solutions. Whether it’s business broadband, telephone systems, IT infrastructure, mobiles, or just a memorable phone number – we’re here to help.
 
Through trusted long-term relationships with our clients, the team at Silver Lining realised that shopping around for suppliers is an unwelcome challenge. UK businesses would rather source their IT and telecommunication solutions through a single vendor who is able to present the bespoke solutions with a consultative approach – helping you maximise your full return on investment.

Our team are communications experts, skilled and experienced from handsets to hosting and everything in between. We provide tailored solutions through our team of Splicecom, Avaya, Cisco, Microsoft, HP, VMware, Citrix, and mobile app specialists. Our combined knowledge, innovation and expertise have led to contracts with a variety of household names.

The launch of our fourth-generation cloud platform ‘RevolutionCloud’ enables us to offer a unique solution to operate and manage your entire infrastructure – differentiating our offering from those ‘off-the-shelf’ solutions available. 

Our award-winning PCI compliance solution is based entirely within our private ‘RevolutionCloud’ infrastructure. This DTMF masking solution was designed to de-scope the contact centre and bring complete security to telephone card payment services - achieving the PCI award for ‘Innovation of the Year’.

At Silver Lining, we understand every business is different; our customers range from small, single site start-ups to complex multi-site enterprises and government organisations.

Applying a consultative approach, we work closely with you to identify your exact requirements. Our unified communications services can offer improved efficiency, reduced running costs and the flexibility to easily upgrade as your business grows. We pride ourselves on thinking ‘outside of the box’ – to find a solution that truly meets your needs.

For more information visit: www.silver-lining.com


Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.

Learn more at https://www.tripwire.com/, get security news, trends and insights at www.tripwire.com/blog, or connect with us on LinkedIn, Twitter and Facebook.


Networking Sponsors

For over 30 years, Comsec has provided its clients with cutting edge innovative services and solutions to answer their cyber-security and business needs. The services include penetration testing, red-teaming, incident response, DDoS-simulations, risk assessments, compliance readiness/certifications and cyber drills. Comsec not only assists customers in protecting themselves against threats and breaches, but also gives them the tools to stay ready and protected for years to come.

Comsec has served over one thousand (1,000) organizations in over forty (40) countries, across five (5) continents, making Comsec one of the most experienced information and cyber-security providers in the world.

Thanks to our diverse range of cyber-security experts, Comsec serves organizations across a wide range of industries and verticals. Our clients include start-ups, Fortune-500 companies, leading global finance and insurance institutions, eCommerce businesses, gaming companies, telecommunication suppliers, industrial organizations, national healthcare providers, logistics/public transportation services and government entities.


Data Protection People (DPP) are a UK-based information security and data protection consultancy.

DPP maintains a dedicated QSA Practice, that sits within our PCI and information security division. Our QSA Practice is engaged by retail brands, payment service providers, and multinational organisations (including commercial and domestic energy), to provide experienced Quality Security Assessors that understand complex technical environments.  Our QSA team has a thorough technical grounding, and vast operational experience with modern technologies, including complicated virtualised environments.  Our information security team hold industry qualifications such as CESG Certified Professional, Certified Information Systems Auditor, ISO 27001 Lead Auditor, and Certified Information Systems Security Professional.

DPP’s data protection team has a strong academic grounding, with team members holding post-graduate and professional qualifications in the field of information rights law and data protection practice.

By building on our experience and listening to the day-to-day challenges of our clients, we aim to deliver world class data protection and security services that enable organisations to build a compliance programme that protects market value and provides an edge on their competition.

DPP offer the following suite of services:-

Data Protection

  • GDPR Gap Analysis – analyse and identify your organisation’s data protection posture and highlight any gaps
  • Deep Dive Consultancy – focused investigation of any data protection issue
  • Managed Services – tailored services specific to your organisation's requirements driven through a dedicated support desk function
  • Outsourced Data Protection Officer – experienced Data Protection Officers acting on your behalf

Information Security

  • PCI DSS Compliance – scope identification, gap analysis, remediation, and formal QSA services
  • ISO 27001 Services – gap analysis, implementation support, and audit services
  • NIS Regulations Compliance – expert advice on the NIS Cyber Assessment Framework
  • Threat Assessment – cyber and physical threat modelling, provided by CESG Certified Professionals
  • Incident Response – on-site security incident and regulator audit support
  • Penetration Testing – internal and external penetration testing, from CREST Registered Consultants

Software

  • DataWise – manage your data protection and security compliance from a single dashboard

 


Gemserv are an expert provider of professional services in a world driven by data and technology. We help companies to understand how to protect their information assets, demonstrate compliance and gain a competitive advantage through demonstrating quality against industry standards. Our background in Information Security Management Systems enables us to take a unique approach to help ensure cost-effective compliance to PCI DSS. We will address the wider operational culture, people and processes as much as technology. Risk around PCI DSS is assessed against organisational objectives, reviewing processes before and as appropriate controls are considered. Our PCI-DSS services include compliance gap analysis; policy development; implementation and technical review; remediation; culture change and transformation; assessments; SAQ completion / AoC / RoC and training and awareness.


One Payment is a brand of Ciptex, one of the UK’s leading experts in the design and deployment of Contact Centre solutions. This expertise in the Contact Centre industry combined with our knowledge of PCI-DSS compliance ensures that we are perfectly placed to provide the right contact centre compliance solution for both you and your customers.

Our unique Compliance as a Service offer has been specifically designed to ensure any contact centre which takes telephone-based card payments continues to do so in a compliant manner. The changes announced by the PCI Security Standards Council (November 2018) will have a major impact on the Contact Centre operation. One of the significant changes made was to bring into Scope for PCI-DSS compliance both the spoken and recorded voice. This negated the approach made by most contact centres who have previously relied on the pausing and resuming of their call recordings as a method of achieving PCI-DSS Compliance.

We don’t just supply a single product; we offer a range of different technologies to match your customers’ own purchasing preferences. However, Compliance does not simply end with implementation of technology; our service provides you with ongoing guidance and updates to ensure your contact centres continue to operate in line with the evolving PCI-DSS guidelines.

One Payment does this by a five-step process as outlined below:

  • We complete a comprehensive audit to fully understand your customer journey
  • We develop a compliance strategy, bespoke to your business requirements
  • We deploy the selected technology integrated within your contact centre
  • We ensure the correct procedures are in place to remain compliant
  • We update your compliance strategy, as and when guidelines change

As a fully Visa and PCI certified third party service provider, we are approved to provide the full range of services designed to ensure that you achieve PCI-DSS compliance without adversely impacting upon your customers’ journey.

For more information on our services, and to take advantage of a free audit draw available to all attendees of the event:

Telephone: 0808 196 1676
Email: info@onepayment.cloud
Website: www.onepayment.cloud


WhiteSource helps organizations secure and manage open source components used in your products. 

Global Banks and Fintech companies use WhiteSource's help to comply with the PCI Secure Software Lifecycle standards by keeping payment applications free of known vulnerabilities.

WhiteSource was recently scored as a leader in the latest Forrester Wave Software Composition Analysis (SCA) Report for 2019 with the strongest offering and strategy.

Drop by our stand to get a free copy on July 3rd!